145 matches found

CNNVD
added 2026/01/01 12:0 a.m., 4 views

WordPress plugin WP Import – Ultimate CSV XML Importer Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin WP...

6.4 CVSS, 6.7 AI score, 0.00237 EPSS
Exploits 0, References 4

EUVD
added 2025/11/26 12:0 a.m., 5 views

EUVD-2025-199710

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kistgaimport.cpp aka KisTgaImport. Control flow proceeds even when a number of pixels becomes negative...

6.7 CVSS, 6.8 AI score, 0.0018 EPSS
Exploits 0, References 4

CNVD
added 2025/11/25 12:0 a.m., 3 views

WordPress Import WP plugin Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Import WP plugin, which stems from a lack of .htaccess protection for the import and export functionality, which can ...

5.3 CVSS, 6.1 AI score, 0.00223 EPSS
Exploits 0, References 1

Patchstack
added 2025/11/21 10:16 p.m., 8 views

WordPress Import WP plugin <= 2.14.17 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by type5afe in WordPress Plugin Import WP versions <= 2.14.17...

5.3 CVSS, 7 AI score, 0.00223 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2025/11/13 4:15 a.m., 8 views

CVE-2025-12733

The Import any XML, CSV or Excel File to WordPress WP All Import plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval on unsanitized user-supplied input in the pmxiif function within helpers/functions.php. This mak...

8.8 CVSS, 0.00556 EPSS
Exploits 0, References 3

EUVD
added 2025/11/13 3:27 a.m., 4 views

EUVD-2025-150407

The Import any XML, CSV or Excel File to WordPress WP All Import plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval on unsanitized user-supplied input in the pmxiif function within helpers/functions.php. This mak...

8.8 CVSS, 7.6 AI score, 0.00556 EPSS
Exploits 0, References 4

EUVD
added 2025/11/12 8:28 a.m., 4 views

EUVD-2025-119985

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting function in all versions up to, and including, 7.33. This makes it possible for authenticated attacker...

4.3 CVSS, 4.6 AI score, 0.00226 EPSS
Exploits 0, References 5

Patchstack
added 2025/11/03 10:32 p.m., 5 views

WordPress Import WP plugin <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read vulnerability

Authenticated Admin+ Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Import WP versions <= 2.14.16...

4.9 CVSS, 6.8 AI score, 0.00394 EPSS
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/11/02 6:43 a.m., 9 views

CVE-2025-12137

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

4.9 CVSS, 5.9 AI score, 0.00394 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/11/01 6:40 a.m., 3 views

CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

4.9 CVSS, 5.5 AI score, 0.00394 EPSS
Exploits 0, References 9

CVE
added 2025/10/22 2:32 p.m., 9 views

CVE-2025-49992

The CVE-2025-49992 entry documents a Reflected XSS in the LearnPress Export Import (ThimPress LearnPress Export Import) WordPress plugin. Affected component: the learnpress-import-export module; affected versions are listed as through 4.0.9 (and Patchstack notes 4.1.0 as a fix). Root cause: impro...

7.1 CVSS, 6 AI score, 0.00228 EPSS
Exploits 0, References 1

NVD
added 2025/10/11 10:15 a.m., 7 views

CVE-2025-8682

The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...

4.3 CVSS, 0.00227 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/10/11 12:0 a.m., 3 views

PT-2025-41679

Name of the Vulnerable Software and Affected Versions: Newsup theme for WordPress versions prior to 5.0.11. Description: The Newsup theme for WordPress is susceptible to unauthorized plugin installation. This is due to a missing capability check within the newsup admin info install plugin function...

4.3 CVSS, 6.2 AI score, 0.00227 EPSS
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-13514

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00905 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-1364

Malware in sbrugna...

6.1 CVSS, 6.2 AI score, 0.01537 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2005-2966

Malware in sbrugna...

5.1 CVSS, 6 AI score, 0.02614 EPSS
Exploits 1, References 16

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-2526

Malicious code in bioql PyPI...

8.8 CVSS, 8.7 AI score, 0.01023 EPSS
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 14 views

EUVD-2025-29689

Malicious code in bioql PyPI...

8.1 CVSS, 6.4 AI score, 0.00578 EPSS
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 10 views

EUVD-2022-7014

Malicious code in bioql PyPI...

4.3 CVSS, 4.9 AI score, 0.00537 EPSS
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-3165

Malicious code in bioql PyPI...

5.3 CVSS, 5.4 AI score, 0.00524 EPSS
Exploits 0, References 4