CVE-2026-2830

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-2830

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (WordPress plugin) is listed as vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in versions up to and including 4.0.0 due to insufficient input sanitization and output escaping. The CVE notes unauthen...

CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

WordPress plugin WP All Export 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-20386

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...

CVE-2017-18567

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

CVE-2025-12733

The Import any XML, CSV or Excel File to WordPress WP All Import plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval on unsanitized user-supplied input in the pmxiif function within helpers/functions.php. This mak...

CVE-2025-12733

CVE-2025-12733 affects the WordPress plugin Import any XML, CSV or Excel File to WordPress (WP All Import) up to version 3.9.6. The issue is an authenticated (Administrator+) Remote Code Execution via crafted import templates, caused by the use of eval() on unsanitized input in pmxi_if within hel...

WordPress Import any XML, CSV or Excel File to WordPress (WP All Import) plugin <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic vulnerability

Authenticated Administrator+ Remote Code Execution via Conditional Logic vulnerability discovered by tmrswrr in WordPress Plugin WP All Import versions = 3.9.6...

EUVD-2018-1363

Malware in sbrugna...

EUVD-2018-1364

Malware in sbrugna...

EUVD-2018-13514

Malware in sbrugna...

EUVD-2017-9683

Malware in sbrugna...

EUVD-2023-36826

Malicious code in bioql PyPI...

EUVD-2024-30249

Malicious code in bioql PyPI...

EUVD-2024-53887

Malicious code in bioql PyPI...

CVE-2024-32431

Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2...

CVE-2023-32583

Cross-Site Request Forgery CSRF vulnerability in Prashant Walke WP All Backup plugin = 2.4.3 versions...

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

CVE-2022-3394

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...