Lucene search
K

4 matches found

NVD
NVD
added 2026/02/18 1:16 p.m.6 views

CVE-2026-1317

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

6.5CVSS0.00242EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/17 5:18 a.m.3 views

CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...

8.8CVSS7.2AI score0.0068EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/17 5:18 a.m.8 views

CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...

8.8CVSS0.0068EPSS
Exploits0References4
CNVD
CNVD
added 2025/09/12 12:0 a.m.5 views

WordPress WP Import plugin unauthorized access vulnerability

WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...

7.7CVSS6.5AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder