VYPR

Wp All Import

by Wpallimport

Source repositories

CVEs (3)

  • CVE-2022-1565HigJul 18, 2022
    risk 0.47cvss 7.2epss 0.11

    The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above,…

  • CVE-2024-32431MedApr 15, 2024
    risk 0.29cvss 4.4epss 0.00

    Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2.

  • CVE-2024-9661MedFeb 7, 2025
    risk 0.28cvss 4.3epss 0.00

    The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported…