Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53887

Malicious code in bioql PyPI...

7.2CVSS9.2AI score0.00708EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/09 3:22 p.m.15 views

CVE-2024-9664

The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP...

7.2CVSS7AI score0.00708EPSS
Exploits0References1
NVD
NVD
added 2025/02/07 4:15 p.m.10 views

CVE-2024-9661

The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...

4.3CVSS0.00161EPSS
Exploits0References2
CVE
CVE
added 2025/02/07 3:21 p.m.36 views

CVE-2024-9661

CVE-2024-9661 refers to WP All Import Pro for WordPress, vulnerable to Cross-Site Request Forgery due to missing nonce validation in the delete_and_edit function. This allows unauthenticated attackers to delete imported content (posts, comments, users, etc.) by tricking an administrator into a fo...

4.3CVSS6.4AI score0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/07 3:21 p.m.12 views

CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion

The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...

4.3CVSS6.5AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/07 3:21 p.m.12 views

CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion

The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...

4.3CVSS0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.4 views

PT-2025-5988 · WordPress · Wp All Import Pro

Name of the Vulnerable Software and Affected Versions: WP All Import Pro versions up to and including 4.9.7 Description: The issue is related to cross-site request forgery due to missing nonce validation in the delete and edit function. This allows unauthenticated attackers to delete imported...

4.3CVSS9.5AI score0.00161EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/05 4:37 a.m.8 views

CVE-2024-9624

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS6.5AI score0.00412EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/19 4:21 a.m.16 views

CVE-2024-8722 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS0.00332EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/19 4:21 a.m.4 views

CVE-2024-8722 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS5.2AI score0.00332EPSS
Exploits0References2
NVD
NVD
added 2024/12/17 6:15 a.m.27 views

CVE-2024-9624

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS0.00412EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/17 5:23 a.m.30 views

CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS0.00412EPSS
Exploits0References2
CVE
CVE
added 2024/12/17 5:23 a.m.62 views

CVE-2024-9624

WP All Import Pro (WordPress) FIXED: SSRF in pmxi_curl_download affects all versions ≤ 4.9.3, exploitable by authenticated (Administrator+) users to issue web requests from the app to arbitrary locations, including internal service endpoints and cloud instance metadata. CVSS 3.1 vector: NETWORK/L...

7.6CVSS7.2AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/17 5:23 a.m.8 views

CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS6.7AI score0.00412EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/17 12:0 a.m.4 views

WordPress plugin WP All Import Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

7.6CVSS8.5AI score0.00412EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2015/03/17 12:0 a.m.16 views

WP All Import Pro <= 4.1.1 - Multiple Vulnerabilities

Multiple issues were fixed, such as Authenticated SQL Injection, Authenticated Reflected XSS and Unauthorised access to some methods...

3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder