Wp All Import
by WordPress
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1565 | | High | 0.47 | 7.2 | 0.11 | | Jul 18, 2022 | The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above,… |
| CVE-2025-10001 | | High | 0.40 | 7.2 | 0.01 | | Sep 10, 2025 | The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with… |
| CVE-2024-8722 | | Med | 0.36 | 5.5 | 0.00 | | Jan 19, 2025 | The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… |
| CVE-2018-0547 | | Med | 0.33 | 6.1 | 0.02 | | Mar 9, 2018 | Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2018-0546 | | Med | 0.33 | 6.1 | 0.02 | | Mar 9, 2018 | Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2024-9661 | | Med | 0.28 | 4.3 | 0.00 | | Feb 7, 2025 | The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported… |
| CVE-2024-31939 | | Med | 0.28 | 4.3 | 0.00 | | Apr 10, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. |
| CVE-2022-36386 | | | 0.00 | — | 0.01 | | Sep 21, 2022 | Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. |
| CVE-2018-20978 | | | 0.00 | — | 0.01 | | Aug 20, 2019 | The wp-all-import plugin before 3.4.7 for WordPress has XSS. |
| CVE-2017-18567 | | | 0.00 | — | 0.01 | | Aug 20, 2019 | The wp-all-import plugin before 3.4.6 for WordPress has XSS. |
| CVE-2015-9329 | | | 0.00 | — | 0.01 | | Aug 20, 2019 | The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. |
| CVE-2015-9330 | | | 0.00 | — | 0.02 | | Aug 20, 2019 | The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. |
| CVE-2015-9331 | | | 0.00 | — | 0.01 | | Aug 20, 2019 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. |
| CVE-2018-16259 | | | 0.00 | — | 0.01 | | Apr 12, 2019 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be… |
| CVE-2018-16258 | | | 0.00 | — | 0.01 | | Apr 12, 2019 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken… |
| CVE-2018-16257 | | | 0.00 | — | 0.01 | | Apr 12, 2019 | There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken… |
| CVE-2018-16256 | | | 0.00 | — | 0.01 | | Apr 12, 2019 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken… |
| CVE-2018-16255 | | | 0.00 | — | 0.01 | | Apr 12, 2019 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by… |
| CVE-2018-16254 | | | 0.00 | — | 0.01 | | Apr 12, 2019 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by… |