22 matches found
CVE-2026-1317
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2025-12733 Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic
The Import any XML, CSV or Excel File to WordPress WP All Import plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval on unsanitized user-supplied input in the pmxiif function within helpers/functions.php. This mak...
EUVD-2024-54307
Malicious code in bioql PyPI...
EUVD-2024-30399
Malicious code in bioql PyPI...
EUVD-2024-28133
Malicious code in bioql PyPI...
CVE-2024-32597
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes WordPress Importer allows Stored XSS. This issue affects WordPress Importer: from n/a through 1.0.7...
CVE-2023-22851
Tiki before 24.2 allows lib/importer/tikiimporterblogwordpress.php PHP Object Injection by an admin because of an unserialize call...
WordPress WordPress Importer plugin <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection vulnerability
Authenticated Administrator+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin WordPress Importer versions <= 0.8.3...
CVE-2024-13889
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
CVE-2024-13889 WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
CVE-2024-13889 WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
CVE-2024-13889
CVE-2024-13889 affects WordPress Importer (WordPress Importer plugin) up to version 0.8.3 via PHP Object Injection in maybe_unserialize. Exploitation requires Administrator+ access and, crucially, a POP chain present from another plugin/theme; without a POP chain, impact is limited. The vulnerabi...
WordPress plugin WordPress Importer code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-30201
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes WordPress Importer allows Reflected XSS. This issue affects WordPress Importer: from n/a through 1.0.4...
CVE-2024-32597
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes WordPress Importer allows Stored XSS. This issue affects WordPress Importer: from n/a through 1.0.7...
CVE-2024-32597
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes WordPress Importer allows Stored XSS. This issue affects WordPress Importer: from n/a through 1.0.7...
CVE-2024-32597
Technical details about CVE-2024-32597 (affected product/version, root cause, exploitability, and patch status) are not provided in the connected documents. Monitor for official advisories and vendor patches for updates.
WordPress WordPress Importer Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Importer; Type: Plugin; Vulnerable versions: <= 1.0.7; Fixed in: 1.1.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32597; Patch priority: Low; CVSS severity: Low (5.9); PSID: 94a09567c54a; Credits: Majed Refaea; Required privilege...
CVE-2024-30201
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes WordPress Importer allows Reflected XSS. This issue affects WordPress Importer: from n/a through 1.0.4...
CVE-2024-30201
Technical details for CVE-2024-30201 are not publicly provided in the supplied documents. No specifics on affected versions, vectors, or fixes are available here; monitor for updates from vendors and advisories.