VYPR

Wp All Import

by WordPress

Source repositories

CVEs (19)

  • CVE-2022-1565HigJul 18, 2022
    risk 0.47cvss 7.2epss 0.11

    The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above,…

  • CVE-2025-10001HigSep 10, 2025
    risk 0.40cvss 7.2epss 0.01

    The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with…

  • CVE-2024-8722MedJan 19, 2025
    risk 0.36cvss 5.5epss 0.00

    The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2018-0547MedMar 9, 2018
    risk 0.33cvss 6.1epss 0.02

    Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0546MedMar 9, 2018
    risk 0.33cvss 6.1epss 0.02

    Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2024-9661MedFeb 7, 2025
    risk 0.28cvss 4.3epss 0.00

    The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported…

  • CVE-2024-31939MedApr 10, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.

  • CVE-2022-36386Sep 21, 2022
    risk 0.00cvss epss 0.01

    Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

  • CVE-2018-20978Aug 20, 2019
    risk 0.00cvss epss 0.01

    The wp-all-import plugin before 3.4.7 for WordPress has XSS.

  • CVE-2017-18567Aug 20, 2019
    risk 0.00cvss epss 0.01

    The wp-all-import plugin before 3.4.6 for WordPress has XSS.

  • CVE-2015-9329Aug 20, 2019
    risk 0.00cvss epss 0.01

    The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.

  • CVE-2015-9330Aug 20, 2019
    risk 0.00cvss epss 0.02

    The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.

  • CVE-2015-9331Aug 20, 2019
    risk 0.00cvss epss 0.01

    The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.

  • CVE-2018-16259Apr 12, 2019
    risk 0.00cvss epss 0.01

    There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be…

  • CVE-2018-16258Apr 12, 2019
    risk 0.00cvss epss 0.01

    There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken…

  • CVE-2018-16257Apr 12, 2019
    risk 0.00cvss epss 0.01

    There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken…

  • CVE-2018-16256Apr 12, 2019
    risk 0.00cvss epss 0.01

    There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken…

  • CVE-2018-16255Apr 12, 2019
    risk 0.00cvss epss 0.01

    There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by…

  • CVE-2018-16254Apr 12, 2019
    risk 0.00cvss epss 0.01

    There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by…