VYPR

Wp Import Export Lite

by WordPress

CVEs (4)

  • CVE-2025-6207HigAug 5, 2025
    risk 0.49cvss 7.5epss 0.01

    The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with…

  • CVE-2025-5061HigAug 5, 2025
    risk 0.49cvss 7.5epss 0.01

    The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with…

  • CVE-2025-2839MedApr 22, 2025
    risk 0.35cvss 6.4epss 0.00

    The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-31308MedApr 7, 2024
    risk 0.29cvss 4.4epss 0.00

    Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.