Lucene search
K
SoflyyWp All Import

19 matches found

CVE
CVE
added 2022/11/07 12:0 a.m.84 views

CVE-2022-3418

CVE-2022-3418 affects the WordPress plugin WP All Import, pre-3.6.9, where improper filtering of allowed import file extensions enables administrators in multisite WordPress installations to upload arbitrary files, potentially leading to remote code execution (RCE). Some sources explicitly descri...

7.2CVSS7AI score0.01104EPSS
Web
CVE
CVE
added 2022/09/21 7:2 p.m.65 views

CVE-2022-36386

CVE-2022-36386 affects the WordPress import plugin “Import any XML or CSV File to WordPress” (Soflyy). The vulnerability is an authenticated arbitrary code execution (RCE) flaw reported for versions up to 3.6.7. Several sources (NVD/NVD-derived feeds, WPScan, Patchstack) corroborate that an authe...

9.1CVSS7.3AI score0.0108EPSS
CVE
CVE
added 2022/11/07 12:0 a.m.62 views

CVE-2022-2711

CVE-2022-2711 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress) prior to version 3.6.9. The issue is improper validation of file paths for files inside uploaded zip archives, enabling highly privileged users (admins) to perform path traversal and write arbitrary...

7.2CVSS7AI score0.03187EPSS
Web
CVE
CVE
added 2019/08/20 2:58 p.m.54 views

CVE-2015-9331

The CVE-2015-9331 flaw affects the WordPress plugin WP All Import, specifically versions up to 3.2.3 (CVE references also note

7.5CVSS7.6AI score0.01428EPSS
Web
CVE
CVE
added 2025/02/07 3:21 p.m.54 views

CVE-2024-9664

CVE-2024-9664 affects WP All Import Pro (WordPress) up to version 4.9.7. It enables authenticated administrators (and higher) to trigger a PHP Object Injection via deserialization of untrusted input from an import file. The documented impact includes potential deletion of arbitrary files, data ex...

7.2CVSS7.2AI score0.00708EPSS
CVE
CVE
added 2022/07/04 1:6 p.m.53 views

CVE-2022-2268

CVE-2022-2268 concerns the WordPress plugin “Import any XML or CSV File to WordPress” (versions before 3.6.8). The vulnerability arises because the plugin accepts all ZIP files and automatically extracts them without validating the extracted file type, enabling high-privilege users (e.g., admins)...

7.2CVSS7AI score0.01374EPSS
Web
CVE
CVE
added 2019/08/20 3:0 p.m.49 views

CVE-2017-18567

CVE-2017-18567 affects the WordPress wp-all-import plugin prior to 3.4.6, where an XSS vulnerability exists in input handling due to lack of proper validation of client-side data. This could allow attacker-controlled script execution when processing imported XML/CSV data. A fix is available in ve...

6.1CVSS6.3AI score0.00905EPSS
CVE
CVE
added 2019/08/20 2:59 p.m.46 views

CVE-2015-9330

The CVE-2015-9330 entry concerns the WordPress plugin wp-all-import, with a blind SQL injection vulnerability reported in versions before 3.2.5. Public sources (NVD, Red Hat, CNVD, CVE lists) consistently describe a SQL injection flaw in this plugin, aligned with a high/critical risk profile (CVS...

9.8CVSS9.9AI score0.01795EPSS
CVE
CVE
added 2019/04/12 6:5 p.m.46 views

CVE-2018-16259

CVE-2018-16259 corresponds to XSS in WordPress WP All Import plugin v3.4.9 via the pmxi-admin-settings large_feed_limit. Multiple connected sources confirm this as a vulnerability affecting WP All Import 3.4.9, with exploitation requiring administrator authentication (logged-in admin). Root cause...

6.1CVSS5.9AI score0.00886EPSS
CVE
CVE
added 2019/08/20 3:1 p.m.44 views

CVE-2018-20978

CVE-2018-20978 affects the WordPress wp-all-import plugin for versions prior to 3.4.7. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient validation of client-supplied data in the plugin, enabling an attacker to run malicious script in a victim’s browser. Public records...

6.1CVSS6.3AI score0.00905EPSS
CVE
CVE
added 2018/03/09 4:0 p.m.43 views

CVE-2018-0546

CVE-2018-0546 corresponds to a cross-site scripting vulnerability in the WordPress plugin WP All Import, affecting versions prior to 3.4.6. The flaw is in the file upload function and allows an attacker to inject arbitrary script or HTML via unspecified vectors. Public references consistently sta...

6.1CVSS5.9AI score0.01537EPSS
CVE
CVE
added 2018/03/09 4:0 p.m.43 views

CVE-2018-0547

The CVE-2018-0547 entry concerns the WordPress plugin WP All Import prior to version 3.4.7. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary script/HTML via unspecified vectors, potentially leading to arbitrary JavaScript execution in a logged-in ...

6.1CVSS5.9AI score0.01537EPSS
CVE
CVE
added 2019/08/20 2:59 p.m.42 views

CVE-2015-9329

The CVE-2015-9329 entry concerns the WordPress plugin wp-all-import . It states that versions before 3.2.5 are vulnerable to reflected XSS . Product: WordPress plugin wp-all-import; Impact: user input reflected in responses leading to XSS; Root cause: improper sanitization/escaping in the affecte...

6.1CVSS6.4AI score0.00913EPSS
CVE
CVE
added 2019/04/12 5:57 p.m.42 views

CVE-2018-16254

Summary: CVE-2018-16254 concerns an XSS vulnerability in the WordPress plugin WP All Import (version 3.4.9) exposed via the parameter action=options. The vulnerability is described as exploitable by a logged-in administrator; the vendor states it is not a vulnerability. The linked OpenVAS entry c...

6.1CVSS5.9AI score0.00905EPSS
CVE
CVE
added 2019/04/12 6:0 p.m.42 views

CVE-2018-16256

WP All Import plugin for WordPress (version 3.4.9) contains a cross-site scripting (XSS) vulnerability that can be triggered via the Add Filtering Options (Add Rule) feature. The issue is reported as present in 3.4.9 and is tied to insufficient input validation, with disclosures noting the vulner...

6.1CVSS5.9AI score0.00937EPSS
CVE
CVE
added 2019/04/12 5:59 p.m.40 views

CVE-2018-16255

WP All Import plugin for WordPress, version 3.4.9, is associated with a cross-site scripting vulnerability via the endpoint action=evaluate. Exploitation appears to require a logged-in administrator; vendor dispute exists regarding the issue. No patch/version fix details are provided in the inclu...

6.1CVSS5.9AI score0.00886EPSS
CVE
CVE
added 2021/12/06 3:55 p.m.40 views

CVE-2021-24714

CVE-2021-24714 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress)

4.8CVSS5AI score0.00598EPSS
CVE
CVE
added 2019/04/12 6:3 p.m.39 views

CVE-2018-16258

There is an XSS vulnerability in WordPress WP All Import plugin 3.4.9 triggered via the pmxi-admin-import custom_type. The issue is gated by the fact that WP All Import requires an administrator login, and the action can only be performed by an admin, with the vendor disputing that this constitut...

6.1CVSS6AI score0.00886EPSS
CVE
CVE
added 2019/04/12 6:2 p.m.38 views

CVE-2018-16257

WP All Import plugin version 3.4.9 has multiple XSS vulnerabilities exploitable via the action=template endpoint. The issue affects WordPress installations using this plugin and can lead to client-side code execution, with sources explicitly noting administrator-only access as part of the exposur...

6.1CVSS6.1AI score0.00864EPSS