CVE-2026-4328 Advanced Import: One-Click Demo Import for WordPress <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery via 'demo_file' Parameter
The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wpremoteget to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in th...