Exploit for CVE-2025-14364
CVE-2025-14364 Demo Importer Plus = 2.0.8 - Missing Author...
WordPress Demo Importer Plus plugin <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload vulnerability
Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload vulnerability discovered by bosz in WordPress Plugin Demo Importer Plus versions <= 2.0.9...
CVE-2025-14478
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
CVE-2025-14478
CVE-2025-14478 (Demo Importer Plus, WordPress): The Demo Importer Plus plugin is vulnerable to XML External Entity (XXE) injection via SVG file uploads in all versions up to 2.0.9. Exploitation requires authentication at Author level or higher, and, in affected PHP configurations (older than 8.0...
CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
CVE-2025-14478
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
PT-2026-3354
Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to and including 2.0.9. Description: The software is susceptible to XML External Entity Injection (XXE) through the SVG file upload functionality. This allows authenticated attackers with...
WordPress Plugin Demo Importer Plus code issue and vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin
On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset and assign the administrator role to the...
WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Demo Importer Plus versions <= 2.0.8...
CVE-2025-69091
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...
WordPress Demo Importer Plus plugin <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability
Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Demo Importer Plus versions <= 2.0.6...
EUVD-2025-205707
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...
CVE-2025-69091
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...
CVE-2025-69091 WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...
CVE-2025-69091 WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...
CVE-2025-69091
CVE-2025-69091 relates to Demo Importer Plus (WordPress plugin) and is tied to a Missing Authorization vulnerability due to incorrectly configured access control. The issue affects Demo Importer Plus versions from prior to or at 2.0.8 and is documented in Wordfence as Missing Authorization. The W...
WordPress plugin Demo Importer Plus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-53918
Name of the Vulnerable Software and Affected Versions: Kraft Plugins Demo Importer Plus versions through 2.0.8. Description: The Demo Importer Plus plugin contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. This issue impacts th...