CVE-2022-1398

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks...

CVE-2022-1398

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks...

GHSA-882R-R8FW-P538 XXE vulnerability in Jenkins Job Import Plugin

An XML external entity XXE processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to rea...

XXE vulnerability in Jenkins Job Import Plugin

An XML external entity XXE processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to rea...

GHSA-57WW-2CVR-WV38 Jenkins Job Import Plugin vulnerable to exposure of sensitive information

Jenkins Job Import Plugin did not check user permissions on its API endpoint used to access remote Jenkins instances. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

Jenkins Job Import Plugin CSRF vulnerability

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...

CVE-2022-29451 WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin = 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory...

CVE-2022-1008

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed...

CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

WordPress plugin Catch Themes Demo Import 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin Cat...

WordPress Import any XML or CSV File to WordPress plugin <= 3.6.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Huy Nguyen in WordPress Import any XML or CSV File to WordPress plugin versions = 3.6.2. Solution Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version at least 3.6.3...

WordPress Server-Side Request Forgery Vulnerability (CNVD-2021-59060)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in the WordPress wp-smart-import plugin. No...

CVE-2020-24147

Server-side request forgery SSR vulnerability in the WP Smart Import wp-smart-import plugin 1.0.0 for WordPress via the file field...

WordPress Advanced Import plugin <= 1.0.7 - Unauthenticated Database Reset vulnerability leading to Privilege Escalation

Unauthenticated Database Reset vulnerability leading to Privilege Escalation discovered by NinTechNet in WordPress Advanced Import plugin versions = 1.0.7. Solution Update the WordPress Advanced Import plugin to the latest available version at least 1.0.8...

CVE-2018-20978

The wp-all-import plugin before 3.4.7 for WordPress has XSS...

CVE-2015-9330

The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection...

Cross site scripting

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

CVE-2018-16259

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings largefeedlimit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of b...

CVE-2018-16256

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering OptionsAdd Rule. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a...

CVE-2018-16259

CVE-2018-16259 corresponds to XSS in WordPress WP All Import plugin v3.4.9 via the pmxi-admin-settings large_feed_limit. Multiple connected sources confirm this as a vulnerability affecting WP All Import 3.4.9, with exploitation requiring administrator authentication (logged-in admin). Root cause...