21 matches found
CVE-2025-12894
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...
WordPress plugin Import WP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Import WP plugin, which stems from a lack of .htaccess protection for the import and export functionality, which can ...
WordPress plugin Import WP – Export and Import CSV and XML files to WordPress security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
EUVD-2022-24606
Malicious code in bioql PyPI...
CVE-2022-1273
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...
CVE-2024-13562
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...
CVE-2024-13562
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...
CVE-2024-13562 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...
CVE-2024-13562
CVE-2024-13562 affects the WordPress plugin Import WP – Export and Import CSV and XML files to WordPress, with all versions up to and including 2.14.5 vulnerable to unauthenticated Sensitive Information Exposure via the uploads directory. The issue allows an unauthenticated attacker to re...
PT-2025-2219 · WordPress · Import Wp
Name of the Vulnerable Software and Affected Versions: Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress versions up to, and including, 2.14.5 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the...
CVE-2023-23825 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0...
CVE-2023-7253
The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...
CVE-2023-7253
The CVE-2023-7253 entry concerns the Import WP WordPress plugin prior to version 2.13.1, where users with the Administrator role can trigger server-side requests (SSRF), with potential impact in multisite deployments. Root cause described across connected records is inadequate prevention of ping-...
CVE-2023-7253 Import WP < 2.13.1 - Admin+ Server-side Request Forgery
The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...
CVE-2023-7253 Import WP < 2.13.1 - Admin+ Server-side Request Forgery
The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...
WordPress Import WP Plugin < 2.13.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: Import WP; Type: Plugin; Vulnerable versions: 2.13.1; Fixed in: 2.13.1; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-7253; Patch priority: Low; CVSS severity: Low 5.5; PSID: ef4fb29b4b88; Credits: Mr Empy; Required privilege...
CVE-2022-1273
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...
Design/Logic Flaw
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...
CVE-2022-1273
The CVE-2022-1273 entry concerns the WordPress Import WP plugin prior to version 2.4.6. The vulnerability: the plugin does not validate the imported file in certain scenarios, allowing high-privilege users (e.g., admins) to upload arbitrary files (including PHP), which can lead to remote code exe...
CVE-2022-1273 Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...