Product
soflyy wp all import
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-9664
CVE-2024-32431
CVE-2022-3418
CVE-2022-2711
CVE-2022-36386
CVE-2022-1565
CVE-2022-2268
CVE-2021-24714
CVE-2018-20978
CVE-2017-18567
CVE-2015-9331
CVE-2015-9330
CVE-2015-9329
CVE-2018-16259
CVE-2018-16258
CVE-2018-16257
CVE-2018-16256
CVE-2018-16255
CVE-2018-16254
CVE-2018-0547
CVE-2018-0546
< 4.9.8
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via d
< 1.3
Deserialization of Untrusted Data vulnerability in WP All Import Users from CSV.This issue affects Import Users from CSV: f
< 3.6.9
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be
< 3.6.9
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip arc
<= 3.6.7
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPres
< 3.6.8
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.
< 3.6.8
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file with
< 3.6.3
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields be
< 3.4.7
The wp-all-import plugin before 3.4.7 for WordPress has XSS.
< 3.2.6
The wp-all-import plugin before 3.4.6 for WordPress has XSS.
< 3.2.4
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
< 3.2.5
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
< 3.2.5
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
all versions
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vend
all versions
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor stat
all versions
There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states th
all versions
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor st
all versions
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this i
all versions
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is
<= 3.4.6
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbit
< 3.4.6
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbit