145 matches found
CVE-2022-4663
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...
WordPress plugin WP Smart Import security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-43413
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-1003017
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...
CVE-2019-1003015
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to read...
CVE-2019-1003016
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,...
CVE-2015-9329
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS...
CVE-2025-1970
The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validatefile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web request...
WordPress plugin Order Export & Order Import for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress plugin Easy MLS Listings Import cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress WP All Import plugin <= 3.7.9 - Authenticated (Administrator+) PHP Object Injection via Import File vulnerability
Authenticated Administrator+ PHP Object Injection via Import File vulnerability discovered by ? in WordPress Plugin WP All Import versions <= 3.7.9...
WordPress Import WP plugin <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Import WP versions <= 2.14.5...
WordPress plugin Olive One Click Demo Import information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabilit...
WordPress Import WP plugin < 2.13.1 - Admin+ Server-side Request Forgery vulnerability
Admin+ Server-side Request Forgery vulnerability discovered by Mr Empy in WordPress Plugin Import WP versions < 2.13.1...
PT-2024-15253 · WordPress · Import Wp
Name of the Vulnerable Software and Affected Versions: Import WP WordPress plugin versions prior to 2.13.1. Description: The issue allows users with the administrator role to conduct SSRF attacks, which may be a problem in multisite configurations. This is due to the lack of prevention of pinging ...
WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin Olive One Click Demo Import versions <= 1.1.1...
WordPress Plugin Import Content in WordPress & WooCommerce with Excel cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Import Content in WordPre...
WordPress Import any XML or CSV File to WordPress Plugin <= 3.7.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Import any XML or CSV File to WordPress; Type: Plugin; Vulnerable versions: <= 3.7.3; Fixed in: 3.7.4; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31939; Patch priority: Low; CVSS severity: Low (4.3); PSID: a530bb25fc8a...
CVE-2024-30201 WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS. This issue affects WordPress Importer: from n/a through 1.0.4...
PT-2023-22724 · Thimpress · Thimpress Learnpress Export Import Plugin
Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress Export Import plugin versions prior to 4.0.3. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website,...