CVE-2017-18567

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

EUVD-2018-1364

Malware in sbrugna...

EUVD-2018-13514

Malware in sbrugna...

CVE-2015-9329

The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS...

CVE-2015-9330

The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection...

Cross site scripting

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

CVE-2018-16259

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings largefeedlimit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of b...

CVE-2018-16259

CVE-2018-16259 corresponds to XSS in WordPress WP All Import plugin v3.4.9 via the pmxi-admin-settings large_feed_limit. Multiple connected sources confirm this as a vulnerability affecting WP All Import 3.4.9, with exploitation requiring administrator authentication (logged-in admin). Root cause...

CVE-2018-16256

WP All Import plugin for WordPress (version 3.4.9) contains a cross-site scripting (XSS) vulnerability that can be triggered via the Add Filtering Options (Add Rule) feature. The issue is reported as present in 3.4.9 and is tied to insufficient input validation, with disclosures noting the vulner...

CVE-2018-16255

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in...

CVE-2018-16254

Summary: CVE-2018-16254 concerns an XSS vulnerability in the WordPress plugin WP All Import (version 3.4.9) exposed via the parameter action=options. The vulnerability is described as exploitable by a logged-in administrator; the vendor states it is not a vulnerability. The linked OpenVAS entry c...