CVE-2026-2830

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-2830

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (WordPress plugin) is listed as vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in versions up to and including 4.0.0 due to insufficient input sanitization and output escaping. The CVE notes unauthen...

CVE-2017-18567

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

CVE-2025-12733

The Import any XML, CSV or Excel File to WordPress WP All Import plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval on unsanitized user-supplied input in the pmxiif function within helpers/functions.php. This mak...

CVE-2025-12733

CVE-2025-12733 affects the WordPress plugin Import any XML, CSV or Excel File to WordPress (WP All Import) up to version 3.9.6. The issue is an authenticated (Administrator+) Remote Code Execution via crafted import templates, caused by the use of eval() on unsanitized input in pmxi_if within hel...

WordPress Import any XML, CSV or Excel File to WordPress (WP All Import) plugin <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic vulnerability

Authenticated Administrator+ Remote Code Execution via Conditional Logic vulnerability discovered by tmrswrr in WordPress Plugin WP All Import versions = 3.9.6...

EUVD-2018-1364

Malware in sbrugna...

EUVD-2017-9683

Malware in sbrugna...

EUVD-2018-13514

Malware in sbrugna...

EUVD-2018-1363

Malware in sbrugna...

EUVD-2024-53887

Malicious code in bioql PyPI...

EUVD-2024-30249

Malicious code in bioql PyPI...

CVE-2024-32431

Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2...

CVE-2018-20978

The wp-all-import plugin before 3.4.7 for WordPress has XSS...

CVE-2015-9329

The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS...

CVE-2024-9664

The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP...

CVE-2024-9661

The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...

CVE-2024-9661

CVE-2024-9661 refers to WP All Import Pro for WordPress, vulnerable to Cross-Site Request Forgery due to missing nonce validation in the delete_and_edit function. This allows unauthenticated attackers to delete imported content (posts, comments, users, etc.) by tricking an administrator into a fo...

CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion

The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...