CVE-2025-12894 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...

CVE-2025-12137

The CVE-2025-12137 entry concerns Import WP – Export and Import CSV and XML files to WordPress, vulnerable to Arbitrary File Read. Wordfence and Patchstack sources confirm the issue affects all versions up to 2.14.16, arising from an unvalidated absolute file path in the plugin’s REST API handlin...

CVE-2022-1273

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...

WordPress plugin Import WP代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Import WP plugin is vulnerable to a file upload vulnerability, which stems from the plugin'...