EUVD-2026-10004
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-14627
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the uploadfunction method...
PT-2026-1010
Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.36. Description: The plugin is susceptible to Server-Side Request Forgery (SSRF). This occurs because the plugin does not properly validate URLs after following Bitly shortlin...
WordPress Import WP plugin Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Import WP plugin, which stems from a lack of .htaccess protection for the import and export functionality, which can ...
EUVD-2025-29689
Malicious code in bioql PyPI...
WordPress plugin CTL Behance Importer Lite security vulnerability
WordPress CTL Behance Importer Lite is a plugin for importing work from the Behance platform to a WordPress website, mainly used to help creators quickly migrate their work and optimize their website content management. The WordPress CTL Behance Importer Lite plugin suffers from an SQL injection...
CVE-2025-10001 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload
The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2025-10001
CVE-2025-10001 concerns the WordPress plugin “Import any XML, CSV or Excel File to WordPress”. The root cause is missing file-type validation in the import functionality, affecting all versions up to and including 3.9.3. The vulnerability allows an authenticated attacker with Administrator-level ...
WordPress Import WP plugin < 2.13.1 - Admin+ Server-side Request Forgery vulnerability
Admin+ Server-side Request Forgery vulnerability discovered by Mr Empy in WordPress Plugin Import WP versions 2.13.1...
CVE-2018-16259
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings largefeedlimit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of b...