3 matches found
CVE-2023-7253
The CVE-2023-7253 entry concerns the Import WP WordPress plugin prior to version 2.13.1, where users with the Administrator role can trigger server-side requests (SSRF), with potential impact in multisite deployments. Root cause described across connected records is inadequate prevention of ping-...
CVE-2022-1273
The CVE-2022-1273 entry concerns the WordPress Import WP plugin prior to version 2.4.6. The vulnerability: the plugin does not validate the imported file in certain scenarios, allowing high-privilege users (e.g., admins) to upload arbitrary files (including PHP), which can lead to remote code exe...
CVE-2024-13562
The CVE CVE-2024-13562 affects the WordPress plugin Import WP – Export and Import CSV and XML files to WordPress, with all versions up to and including 2.14.5 vulnerable to unauthenticated Sensitive Information Exposure via the uploads directory. The issue allows an unauthenticated attacker to re...