Missing Authorization

Overview org.jenkins-ci.plugins:job-import-plugin is a package that imports jobs from another Jenkins instance. Affected versions of this package are vulnerable to Missing Authorization via the HTTP endpoint. An attacker can enumerate credential IDs by sending crafted requests if they have...

CVE-2026-48926

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2026-48926

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2026-48926

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

EUVD-2026-32517

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2026-48926

The CVE-2026-48926 entry concerns Jenkins Job Import Plugin (versions 143.v044a_2e819b_27 and earlier) where an HTTP endpoint does not enforce a permission check. The flaw enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins, indicating an authorization issue with...

Jenkins Job Import Plugin 安全漏洞

The Jenkins Job Import Plugin is an open-source plugin for Jenkins that allows the import and migration of Jenkins tasks. The Jenkins Job Import Plugin versions 143.v044a2e819b27 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks at the HTT...

PT-2026-29197

OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...

EUVD-2026-10004

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

WordPress WP All Import plugin <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' vulnerability

Reflected Cross-Site Scripting via 'filepath' vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WP All Import versions = 4.0.0...

CVE-2025-50193

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST tomaindatabase parameter. This issue has been patched in version 1.11.30...

CVE-2026-1317

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

PT-2026-20385

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the file name parameter which is stored in the database during file upload and later used in raw SQL...

WordPress WP All Import plugin < 3.7.3 - Admin+ Arbitrary File Upload to RCE vulnerability

Admin+ Arbitrary File Upload to RCE vulnerability discovered by quangnt in WordPress Plugin WP All Import versions 3.7.3...

WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Membership WP user Import versions = 1.9.1...

CVE-2017-18567

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

CVE-2025-14627

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the uploadfunction method...

WordPress plugin WP Import – Ultimate CSV XML Importer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

PT-2026-1010

Name of the Vulnerable Software and Affected Versions WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.36 Description The plugin is susceptible to Server-Side Request Forgery SSRF. This occurs because the plugin does not properly validate URLs after following Bitly shortlin...