CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

Exploit for CVE-2015-9331

CVE-2015-9331 POC Vulnerability Description CVE-2015-9331...

WordPress plugin WP All Import Pro 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...

WordPress WP All Import plugin <= 3.7.9 - Cross-Site Request Forgery to Imported Content Deletion

Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import versions = 3.7.9...

WordPress WP All Import Pro plugin <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import vulnerability

Authenticated Administrator+ Server-Side Request Forgery via File Import vulnerability discovered by Ivan Kuzymchak in WordPress Plugin WP All Import Pro versions = 4.9.3...

CVE-2018-16257

There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged...

PT-2019-9289 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns multiple XSS vulnerabilities. These can be accessed via the "action=template" endpoint. It's worth noting that the vendor disputes this being a vulnerability, citing that WP A...

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Note that this vulnerability is different from JVN60032768. Mardan Muhidin of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2018-04771)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP All Import plugin versions prior to 3.4.7, which can be exploited...