VYPR

Wordpress Importer

by WordPress

Source repositories

CVEs (2)

  • CVE-2024-13889HigMar 26, 2025
    risk 0.40cvss 7.2epss 0.01

    The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function. This makes it possible for authenticated attackers, with Administrator-level…

  • CVE-2022-1273May 2, 2022
    risk 0.00cvss epss 0.01

    The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE