
43 matches found

GithubExploit
added 2026/04/18 9:39 a.m. | 100 views

Exploit for CVE-2025-14364

CVE-2025-14364 Demo Importer Plus = 2.0.8 - Missing Author...

CVSS 8.8 | AI score 5.9 | EPSS 0.00302
Exploits: 1

Patchstack
added 2026/01/19 10:59 a.m. | 7 views

WordPress Demo Importer Plus plugin <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload vulnerability

Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload vulnerability discovered by bosz in WordPress Plugin Demo Importer Plus versions <= 2.0.9...

CVSS 7.5 | AI score 5.5 | EPSS 0.0038
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/01/17 8:15 a.m. | 8 views

CVE-2025-14478

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...

CVSS 7.5 | EPSS 0.0038
Exploits: 0 | References: 4

CVE
added 2026/01/17 7:27 a.m. | 20 views

CVE-2025-14478

CVE-2025-14478 (Demo Importer Plus, WordPress): The Demo Importer Plus plugin is vulnerable to XML External Entity (XXE) injection via SVG file uploads in all versions up to 2.0.9. Exploitation requires authentication at Author level or higher, and, in affected PHP configurations (older than 8.0...

CVSS 7.5 | AI score 6.8 | EPSS 0.0038
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/17 7:27 a.m. | 3 views

CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...

CVSS 7.5 | AI score 6.2 | EPSS 0.0038
Exploits: 0 | References: 4

Cvelist
added 2026/01/17 7:27 a.m. | 26 views

CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...

CVSS 7.5 | EPSS 0.0038
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/17 7:27 a.m. | 3 views

CVE-2025-14478

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...

CVSS 7.5 | AI score 6.1 | EPSS 0.0038
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/17 12:0 a.m. | 8 views

PT-2026-3354

Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to and including 2.0.9. Description: The software is susceptible to XML External Entity Injection (XXE) through the SVG file upload functionality. This allows authenticated attackers with...

CVSS 7.5 | AI score 6 | EPSS 0.0038
Exploits: 0 | References: 8

CNNVD
added 2026/01/17 12:0 a.m. | 7 views

WordPress Plugin Demo Importer Plus code issue and vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 | AI score 6 | EPSS 0.0038
Exploits: 0 | References: 5

Wordfence Blog
added 2026/01/07 5:25 p.m. | 10 views

10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin

On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset and assign the administrator role to the...

CVSS 8.8 | AI score 6 | EPSS 0.00302
Exploits: 1

Patchstack
added 2026/01/05 9:33 a.m. | 5 views

WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Demo Importer Plus versions <= 2.0.8...

CVSS 4.3 | AI score 7 | EPSS 0.00152
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/12/31 11:6 a.m. | 5 views

CVE-2025-69091

Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...

CVSS 4.3 | AI score 7 | EPSS 0.00152
Exploits: 0 | References: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Demo Importer Plus plugin <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability

Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Demo Importer Plus versions <= 2.0.6...

CVSS 8.8 | AI score 5.3 | EPSS 0.00482
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/12/30 12:30 p.m. | 2 views

EUVD-2025-205707

Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...

AI score 6.5 | EPSS 0.00152
Exploits: 0 | References: 2

NVD
added 2025/12/30 11:16 a.m. | 5 views

CVE-2025-69091

Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...

CVSS 4.3 | EPSS 0.00152
Exploits: 0 | References: 1

Cvelist
added 2025/12/30 10:47 a.m. | 24 views

CVE-2025-69091 WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...

CVSS 4.3 | EPSS 0.00152
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/30 10:47 a.m. | 1 views

CVE-2025-69091 WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Demo Importer Plus: from n/a through <= 2.0.8...

CVSS 4.3 | AI score 6.6 | EPSS 0.00152
Exploits: 0 | References: 1

CVE
added 2025/12/30 10:47 a.m. | 7 views

CVE-2025-69091

CVE-2025-69091 relates to Demo Importer Plus (WordPress plugin) and is a Missing Authorization vulnerability caused by incorrectly configured access control. The issue affects Demo Importer Plus versions up to and including 2.0.8 and is documented in Wordfence as Missing Authorization. The W...

CVSS 4.3 | AI score 6.6 | EPSS 0.00152
Exploits: 0 | References: 1

CNNVD
added 2025/12/30 12:0 a.m. | 4 views

WordPress plugin Demo Importer Plus security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/30 12:0 a.m. | 5 views

PT-2025-53918

Name of the Vulnerable Software and Affected Versions: Kraft Plugins Demo Importer Plus versions through 2.0.8. Description: The Demo Importer Plus plugin contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. This issue impacts th...

AI score 6.6 | EPSS 0.00152
Exploits: 0 | References: 3