EUVD-2024-29204

Malicious code in bioql PyPI...

EUVD-2025-23606

Malicious code in bioql PyPI...

CVE-2025-5061 WP Import Export Lite <= 3.9.29 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpieparseuploaddata' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-5061

CVE-2025-5061 affects WordPress plugin WP Import Export Lite (versions ≤ 3.9.29). The vulnerability arises from missing file type validation in the wpie_parse_upload_data function, enabling authenticated users with Subscriber-level access (and those granted by an Administrator) to upload arbitrar...

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is affected by an arbitrary file upload vulnerability caused by missing file type validation in the wpie_tempalte_import function, affecting all versions up to and including 3.9.28. Authenticated users with Subscriber-level access or higher, and with...

CVE-2025-6207 WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpietempalteimport' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

WordPress WP Import Export Lite plugin <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Vincent Fourcade vinceMatsui in WordPress Plugin WP Import Export Lite versions = 3.9.28...

CVE-2025-2839

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-2839

CVE-2025-2839 – WP Import Export Lite (WordPress) A stored cross-site scripting vulnerability exists in WP Import Export Lite up to version 3.9.27 via the wpiePreviewData function. Exploitation requires authenticated access at Contributor level or higher, allowing an attacker to inject script tha...

CVE-2025-2839 WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-2839 WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin WP Import Export Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2024-31308

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26...

CVE-2024-31308

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26...

CVE-2024-31308

CVE-2024-31308 refers to a Deserialization/PHP Object Injection vulnerability in the WP Import Export Lite WordPress plugin (affected up to and including 3.9.26). The issue is authenticated (Administrator+) and arises from Deserialization of Untrusted Data, enabling potential arbitrary object inj...

Design/Logic Flaw

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVE-2022-0236

CVE-2022-0236 affects the WordPress plugin WP Import Export (free & premium) up to version 3.9.15. The root cause is a missing capability check in the download function wpie_process_file_download (in ~/includes/classes/class-wpie-general.php), allowing unauthenticated attackers to disclose sensit...

CVE-2022-0236 WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVE-2022-0236 WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

Exploit for Missing Authorization in Vjinfotech Wp_Import_Export

CVE-2022-0236 The WP Import Export WordPress plugin is vulner...