19 matches found
CVE-2022-3418
CVE-2022-3418 affects the WordPress plugin WP All Import, pre-3.6.9, where improper filtering of allowed import file extensions enables administrators in multisite WordPress installations to upload arbitrary files, potentially leading to remote code execution (RCE). Some sources explicitly descri...
CVE-2022-36386
CVE-2022-36386 affects the WordPress import plugin “Import any XML or CSV File to WordPress” (Soflyy). The vulnerability is an authenticated arbitrary code execution (RCE) flaw reported for versions up to 3.6.7. Several sources (NVD/NVD-derived feeds, WPScan, Patchstack) corroborate that an authe...
CVE-2022-2711
CVE-2022-2711 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress) prior to version 3.6.9. The issue is improper validation of file paths for files inside uploaded zip archives, enabling highly privileged users (admins) to perform path traversal and write arbitrary...
CVE-2015-9331
The CVE-2015-9331 flaw affects the WordPress plugin WP All Import, specifically versions up to 3.2.3 (CVE references also note
CVE-2024-9664
CVE-2024-9664 affects WP All Import Pro (WordPress) up to version 4.9.7. It enables authenticated administrators (and higher) to trigger a PHP Object Injection via deserialization of untrusted input from an import file. The documented impact includes potential deletion of arbitrary files, data ex...
CVE-2022-2268
CVE-2022-2268 concerns the WordPress plugin “Import any XML or CSV File to WordPress” (versions before 3.6.8). The vulnerability arises because the plugin accepts all ZIP files and automatically extracts them without validating the extracted file type, enabling high-privilege users (e.g., admins)...
CVE-2017-18567
CVE-2017-18567 affects the WordPress wp-all-import plugin prior to 3.4.6, where an XSS vulnerability exists in input handling due to lack of proper validation of client-side data. This could allow attacker-controlled script execution when processing imported XML/CSV data. A fix is available in ve...
CVE-2015-9330
The CVE-2015-9330 entry concerns the WordPress plugin wp-all-import, with a blind SQL injection vulnerability reported in versions before 3.2.5. Public sources (NVD, Red Hat, CNVD, CVE lists) consistently describe a SQL injection flaw in this plugin, aligned with a high/critical risk profile (CVS...
CVE-2018-16259
CVE-2018-16259 corresponds to XSS in WordPress WP All Import plugin v3.4.9 via the pmxi-admin-settings large_feed_limit. Multiple connected sources confirm this as a vulnerability affecting WP All Import 3.4.9, with exploitation requiring administrator authentication (logged-in admin). Root cause...
CVE-2018-20978
CVE-2018-20978 affects the WordPress wp-all-import plugin for versions prior to 3.4.7. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient validation of client-supplied data in the plugin, enabling an attacker to run malicious script in a victim’s browser. Public records...
CVE-2018-0546
CVE-2018-0546 corresponds to a cross-site scripting vulnerability in the WordPress plugin WP All Import, affecting versions prior to 3.4.6. The flaw is in the file upload function and allows an attacker to inject arbitrary script or HTML via unspecified vectors. Public references consistently sta...
CVE-2018-0547
The CVE-2018-0547 entry concerns the WordPress plugin WP All Import prior to version 3.4.7. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary script/HTML via unspecified vectors, potentially leading to arbitrary JavaScript execution in a logged-in ...
CVE-2015-9329
The CVE-2015-9329 entry concerns the WordPress plugin wp-all-import . It states that versions before 3.2.5 are vulnerable to reflected XSS . Product: WordPress plugin wp-all-import; Impact: user input reflected in responses leading to XSS; Root cause: improper sanitization/escaping in the affecte...
CVE-2018-16254
Summary: CVE-2018-16254 concerns an XSS vulnerability in the WordPress plugin WP All Import (version 3.4.9) exposed via the parameter action=options. The vulnerability is described as exploitable by a logged-in administrator; the vendor states it is not a vulnerability. The linked OpenVAS entry c...
CVE-2018-16256
WP All Import plugin for WordPress (version 3.4.9) contains a cross-site scripting (XSS) vulnerability that can be triggered via the Add Filtering Options (Add Rule) feature. The issue is reported as present in 3.4.9 and is tied to insufficient input validation, with disclosures noting the vulner...
CVE-2018-16255
WP All Import plugin for WordPress, version 3.4.9, is associated with a cross-site scripting vulnerability via the endpoint action=evaluate. Exploitation appears to require a logged-in administrator; vendor dispute exists regarding the issue. No patch/version fix details are provided in the inclu...
CVE-2021-24714
CVE-2021-24714 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress)
CVE-2018-16258
There is an XSS vulnerability in WordPress WP All Import plugin 3.4.9 triggered via the pmxi-admin-import custom_type. The issue is gated by the fact that WP All Import requires an administrator login, and the action can only be performed by an admin, with the vendor disputing that this constitut...
CVE-2018-16257
WP All Import plugin version 3.4.9 has multiple XSS vulnerabilities exploitable via the action=template endpoint. The issue affects WordPress installations using this plugin and can lead to client-side code execution, with sources explicitly noting administrator-only access as part of the exposur...