
30 matches found

EUVD
added 2026/03/06 9:31 a.m. | 2 views

EUVD-2026-10004

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

CVSS 6.1 | AI score 5.9 | EPSS 0.00169
Exploits: 0 | References: 6
OSV
added 2026/03/02 9:26 p.m. | 3 views

GHSA-37J7-56XC-C468 Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

Affected Versions: Tested on current dev branch build fingerprint 505...7bd86. CVSS v4 Score: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger. Summary: Two separate...

CVSS 8.6 | AI score 6.3 | EPSS 0.00644
Exploits: 1 | References: 4
Github Security Blog
added 2026/03/02 9:26 p.m. | 6 views

Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

Affected Versions: Tested on current dev branch build fingerprint 505...7bd86. CVSS v4 Score: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger. Summary: Two separate...

CVSS 8.6 | AI score 6.3 | EPSS 0.00644
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22994

Name of the Vulnerable Software and Affected Versions: Idno versions prior to 1.6.4. Description: Idno, a social publishing platform, contains a remote code execution vulnerability that can be triggered through a chained sequence of issues. Specifically, a web application administrator can be...

CVSS 8.6 | AI score 6.6 | EPSS 0.00644
Exploits: 1 | References: 9
NVD
added 2026/01/01 5:15 p.m. | 2 views

CVE-2025-14627

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the uploadfunction method...

CVSS 6.4 | EPSS 0.00034
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-1010

Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.36. Description: The plugin is susceptible to Server-Side Request Forgery (SSRF). This occurs because the plugin does not properly validate URLs after following Bitly shortlin...

CVSS 6.4 | AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 8
Patchstack
added 2025/12/30 4:19 p.m. | 5 views

WordPress Import into Easy Property Listings plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Import into Easy Property Listings versions <= 2.2.1...

CVSS 4.3 | AI score 6.7 | EPSS 0.00014
Exploits: 0 | Affected Software: 1
CNVD
added 2025/11/25 12:0 a.m. | 3 views

WordPress Import WP plugin Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Import WP plugin, which stems from a lack of .htaccess protection for the import and export functionality, which can ...

CVSS 5.3 | AI score 6.1 | EPSS 0.00068
Exploits: 0 | References: 1
Veracode
added 2025/11/24 6:58 a.m. | 2 views

Improper Input Validation

auth0/wordpress is vulnerable to Improper Input Validation. The vulnerability is due to the Bulk User Import endpoint not validating the file path wrapper or value, which allows an attacker to supply arbitrary file paths or URLs to manipulate file handling behavior...

CVSS 3.3 | AI score 7.1 | EPSS 0.00092
Exploits: 0 | References: 8 | Affected Software: 2
Vulnrichment
added 2025/11/13 3:27 a.m. | 2 views

CVE-2025-12733 Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic

The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval on unsanitized user-supplied input in the pmxiif function within helpers/functions.php. This mak...

CVSS 8.8 | AI score 7.7 | EPSS 0.00259
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-29689

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.4 | EPSS 0.00798
Exploits: 0 | References: 5
CNNVD
added 2025/10/02 12:0 a.m. | 1 views

WordPress plugin CTL Behance Importer Lite security vulnerability

WordPress CTL Behance Importer Lite is a plugin for importing work from the Behance platform to a WordPress website, mainly used to help creators quickly migrate their work and optimize their website content management. The WordPress CTL Behance Importer Lite plugin suffers from an SQL injection...

CVSS 8.6 | AI score 8.2 | EPSS 0.001
Exploits: 0 | References: 1
CVE
added 2025/09/22 6:25 p.m. | 7 views

CVE-2025-57901

CVE-2025-57901 is listed in connected sources as relating to Import Markdown – Versatile Markdown Importer for WordPress. The connected entry indicates a vulnerability described as an authenticated (Contributor+) Stored Cross-Site Scripting (XSS) via the Markdown import process. In practical term...

AI score 5.6 | EPSS 0.00039
Exploits: 0
Vulnrichment
added 2025/09/10 6:38 a.m. | 2 views

CVE-2025-10001 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 7.2 | AI score 6.9 | EPSS 0.00513
Exploits: 0 | References: 2
Cvelist
added 2025/09/10 6:38 a.m. | 7 views

CVE-2025-10001 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 7.2 | EPSS 0.00513
Exploits: 0 | References: 2
CVE
added 2025/09/10 6:38 a.m. | 22 views

CVE-2025-10001

CVE-2025-10001 concerns the WordPress plugin “Import any XML, CSV or Excel File to WordPress”. The root cause is missing file-type validation in the import functionality, affecting all versions up to and including 3.9.3. The vulnerability allows an authenticated attacker with Administrator-level ...

CVSS 7.2 | AI score 6.8 | EPSS 0.00513
Exploits: 0 | References: 2
Patchstack
added 2024/04/24 8:33 a.m. | 2 views

WordPress Import WP plugin < 2.13.1 - Admin+ Server-side Request Forgery vulnerability

Admin+ Server-side Request Forgery vulnerability discovered by Mr Empy in WordPress Plugin Import WP versions < 2.13.1...

CVSS 6.1 | AI score 7.1 | EPSS 0.00172
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack
added 2024/04/22 12:0 a.m. | 6 views

WordPress Import Export WordPress Users Plugin <= 2.5.3 is vulnerable to Deserialization of untrusted data

Software: Import Export WordPress Users. Type: Plugin. Vulnerable versions: <= 2.5.3. Fixed in: 2.5.4. OWASP Top 10: A3: Injection. Classification: Deserialization of untrusted data. CVE: CVE-2024-32835. Patch priority: Low. CVSS severity: Low (5.4). PSID: 18b32b38e523. Credits: Trình Vũ...

CVSS 5.4 | AI score 6.8 | EPSS 0.00147
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/04/16 3:10 p.m. | 3 views

WordPress Import Content in WordPress & WooCommerce with Excel plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin Import Content in WordPress & WooCommerce with Excel versions <= 4.2...

CVSS 7.1 | AI score 6.1 | EPSS 0.00118
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/04/12 12:0 a.m. | 8 views

WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection

Software: Import Users from CSV. Type: Plugin. Vulnerable versions: <= 1.2. Fixed in: 1.3. OWASP Top 10: A3: Injection. Classification: PHP Object Injection. CVE: CVE-2024-32431. Patch priority: Low. CVSS severity: Low (4.4). PSID: e3f19c84ef38. Credits: Trình Vũ Sonicrrrr from VNPT-VCI. Require...

CVSS 7.2 | AI score 6.8 | EPSS 0.00417
Exploits: 0 | References: 2 | Affected Software: 1