4 matches found
CVE-2026-1317
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...
CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...
WordPress WP Import plugin unauthorized access vulnerability
WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...