145 matches found
EUVD-2022-7014
Malicious code in bioql PyPI...
WordPress plugin CTL Behance Importer Lite security vulnerability
WordPress CTL Behance Importer Lite is a plugin for importing work from the Behance platform to a WordPress website, mainly used to help creators quickly migrate their work and optimize their website content management. The WordPress CTL Behance Importer Lite plugin suffers from an SQL injection...
CVE-2025-10058
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the uploadfunction function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...
CVE-2025-10690
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...
CVE-2025-10057
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...
CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...
PT-2025-38115
Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress plugin versions prior to 7.29 Description: The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to Remote Code Execution due to the write to customfile function...
CVE-2025-10001
The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...
WordPress WP Import plugin unauthorized access vulnerability
WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...
CVE-2025-10001
CVE-2025-10001 concerns the WordPress plugin “Import any XML, CSV or Excel File to WordPress”. The root cause is missing file-type validation in the import functionality, affecting all versions up to and including 3.9.3. The vulnerability allows an authenticated attacker with Administrator-level ...
CVE-2025-10001 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload
The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...
WordPress plugin WP Import security vulnerability
WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...
WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin LearnPress Export Import versions <= 4.1.2...
WordPress plugin Alone security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
The vulnerability of the “Import from Excel. Upload product catalog 1C-Bitrix” plugin, which stems from the failure to take measures to neutralize special elements, allows attackers to execute arbitrary commands.
The vulnerability of the plugin “Import from Excel. Uploading product catalogs for 1C-Bitrix” is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2025-28934 · Ип Кривочуров Дмитрий Анатольевич · Import from XML
The vulnerability of the "Import from XML and YML" plugin exists due to a failure to take measures to protect the structure of the web page. Exploiting the vulnerability may allow a remote attacker to conduct a cross-site scripting (XSS) attack...
CVE-2024-7620
The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...