CVE-2018-16258

There is an XSS vulnerability in WordPress WP All Import plugin 3.4.9 triggered via the pmxi-admin-import custom_type. The issue is gated by the fact that WP All Import requires an administrator login, and the action can only be performed by an admin, with the vendor disputing that this constitut...

CVE-2018-16258

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import customtype. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a...

CVE-2018-16258

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import customtype. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a...

CVE-2018-16257

WP All Import plugin version 3.4.9 has multiple XSS vulnerabilities exploitable via the action=template endpoint. The issue affects WordPress installations using this plugin and can lead to client-side code execution, with sources explicitly noting administrator-only access as part of the exposur...

CVE-2018-16257

There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged...

CVE-2018-16256

WP All Import plugin for WordPress (version 3.4.9) contains a cross-site scripting (XSS) vulnerability that can be triggered via the Add Filtering Options (Add Rule) feature. The issue is reported as present in 3.4.9 and is tied to insufficient input validation, with disclosures noting the vulner...

CVE-2018-16255

WP All Import plugin for WordPress, version 3.4.9, is associated with a cross-site scripting vulnerability via the endpoint action=evaluate. Exploitation appears to require a logged-in administrator; vendor dispute exists regarding the issue. No patch/version fix details are provided in the inclu...

CVE-2018-16255

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in...

CVE-2018-16254

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in...

CVE-2018-16254

Summary: CVE-2018-16254 concerns an XSS vulnerability in the WordPress plugin WP All Import (version 3.4.9) exposed via the parameter action=options. The vulnerability is described as exploitable by a logged-in administrator; the vendor states it is not a vulnerability. The linked OpenVAS entry c...

CVE-2018-16254

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in...

PT-2019-9286 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns an XSS vulnerability in the WP All Import plugin for WordPress, specifically via the action=options. It's noted that the vendor does not consider this a vulnerability, as the...

PT-2019-9288 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns an XSS vulnerability in the WP All Import plugin for WordPress. It can be exploited via the Add Filtering Options Add Rule feature. The vendor has stated that this is not...

PT-2019-9287 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns an XSS vulnerability via the action=evaluate endpoint. It is noted that the vendor does not consider this a vulnerability, as the plugin can only be used by a logged-in...

PT-2019-9290 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns an XSS vulnerability via the pmxi-admin-import custom type. It is noted that the vendor disputes this being a vulnerability, citing that WP All Import can only be used by a...

PT-2019-9289 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns multiple XSS vulnerabilities. These can be accessed via the "action=template" endpoint. It's worth noting that the vendor disputes this being a vulnerability, citing that WP A...

WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2019-30134)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP All Import plugin is used in one of the file import plugin. A cross-site scripting vulnerability exists in WordPress WP All Import...

WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2019-30135)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP All Import plugin is used in one of the file import plugin. A cross-site scripting vulnerability exists in WordPress WP All Import...

WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2019-30136)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP All Import plugin is used in one of the file import plugin. A cross-site scripting vulnerability exists in WordPress WP All Import...

pixiv: CSRF at https://chatstory.pixiv.net/imported

Summary: A CSRF in https://chatstory.pixiv.net/imported can trick users to import a novel of the attacker as the users' chatstory. Steps To Reproduce: 1. Attacker creates a novel 2. Go to the novel https://www.pixiv.net/novel/show.php?id=10997105 Import the novel as chatstory by clicking the...