Wp Import Export Lite@* Security Vulnerabilities and Issues — Wp Import Export Lite@* CVE List

Lucene search

VjinfotechWp Import Export Lite*

5 matches found

CVE•added 2022/01/18 5:15 p.m.•57 views

CVE-2022-0236

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible ...

7.5CVSS7.3AI score0.3739EPSS

CVE•added 2024/04/07 6:15 p.m.•48 views

CVE-2024-31308

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.

7.2CVSS5.1AI score0.00181EPSS

CVE•added 2025/04/22 6:15 a.m.•35 views

CVE-2025-2839

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributo...

6.4CVSS5.7AI score0.00039EPSS

CVE•added 2025/08/05 8:15 a.m.•10 views

CVE-2025-5061

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

8.8CVSS7.3AI score0.00348EPSS

CVE•added 2025/08/05 8:15 a.m.•8 views

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.8CVSS7.4AI score0.00234EPSS