CVE-2026-1317

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

CVE-2019-16558

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...

CVE-2025-14627 WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the uploadfunction method...

CVE-2025-12879

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVE-2025-12138 URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload

The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...

WordPress plugin URL Image Importer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

CVE-2025-12732 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting function in all versions up to, and including, 7.33. This makes it possible for authenticated attacker...

CVE-2025-10312 Theme Importer <= 1.0 - Cross-Site Request Forgery

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

EUVD-2013-1036

Malware in sbrugna...

EUVD-2021-25716

Malware in sbrugna...

EUVD-2024-54307

Malicious code in bioql PyPI...

EUVD-2024-51123

Malicious code in bioql PyPI...

EUVD-2022-4836

Malicious code in bioql PyPI...

EUVD-2022-2000

Malicious code in bioql PyPI...

CVE-2025-10057

CVE-2025-10057 details from multiple sources confirm a Remote Code Execution flaw in the WordPress plugin “WP Import – Ultimate CSV XML Importer for WordPress” up to version 7.28. The root cause is unfiltered PHP code being written by write_to_customfile(), enabling an authenticated user with Sub...

CVE-2025-8417 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...

WordPress Ultimate Tag Warrior Importer plugin <= 0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Tag Warrior Importer versions = 0.2...

CVE-2025-9202

The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation

The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation

The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above...