EUVD-2024-29204

Malicious code in bioql PyPI...

EUVD-2025-23606

Malicious code in bioql PyPI...

WordPress WP Import Export Lite plugin Arbitrary File Upload Vulnerability

WordPress WP Import Export Lite plugin is the official WordPress recommended import and export plugin that supports batch processing of site data, including posts, pages, taxonomies, comments and user data, etc. It supports a variety of file formats such as CSV, JSON, XML and so on. WordPress WP...

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpietempalteimport' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2025-5061

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpieparseuploaddata' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-5061 WP Import Export Lite <= 3.9.29 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpieparseuploaddata' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-5061

CVE-2025-5061 affects WordPress plugin WP Import Export Lite (versions ≤ 3.9.29). The vulnerability arises from missing file type validation in the wpie_parse_upload_data function, enabling authenticated users with Subscriber-level access (and those granted by an Administrator) to upload arbitrar...

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is affected by an arbitrary file upload vulnerability caused by missing file type validation in the wpie_tempalte_import function, affecting all versions up to and including 3.9.28. Authenticated users with Subscriber-level access or higher, and with...

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpietempalteimport' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2025-6207 WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpietempalteimport' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

WordPress plugin WP Import Export Lite 代码问题漏洞

WordPress WP Import Export Lite plugin is the official WordPress recommended import and export plugin that supports batch processing of site data, including posts, pages, taxonomies, comments and user data, etc. It supports a variety of file formats such as CSV, JSON, XML and so on. WordPress WP...

WordPress plugin WP Import Export Lite 代码问题漏洞

WordPress WP Import Export Lite plugin is a free plugin for WordPress, mainly used for batch import and export website data. WordPress WP Import Export Lite plugin suffers from a missing file type validation vulnerability that can be exploited by attackers to cause arbitrary file uploads and remo...

WordPress WP Import Export Lite plugin <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Vincent Fourcade vinceMatsui in WordPress Plugin WP Import Export Lite versions = 3.9.28...

CVE-2025-2839

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-2839

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-2839

CVE-2025-2839 – WP Import Export Lite (WordPress) A stored cross-site scripting vulnerability exists in WP Import Export Lite up to version 3.9.27 via the wpiePreviewData function. Exploitation requires authenticated access at Contributor level or higher, allowing an attacker to inject script tha...

CVE-2025-2839 WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-2839 WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin WP Import Export Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2024-31308

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26...