CVE-2022-36386 — CVSS 9.1 (critical): Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.
CVE-2015-9331 — CVSS 7.5 (high): The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
CVE-2022-3418 — CVSS 7.2 (high): The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported…
CVE-2022-2268 — CVSS 7.2 (high): The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without…
CVE-2024-9664 — CVSS 7.2 (high): The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via…
CVE-2022-2711 — CVSS 7.2 (high): The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives…
CVE-2018-16258 — CVSS 6.1 (medium): There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that…
CVE-2018-16259 — CVSS 6.1 (medium): There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states…
CVE-2018-16257 — CVSS 6.1 (medium): There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this…
CVE-2018-0546 — CVSS 6.1 (medium): Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web…
CVE-2018-0547 — CVSS 6.1 (medium): Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web…
CVE-2018-16254 — CVSS 6.1 (medium): There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a…
CVE-2018-16255 — CVSS 6.1 (medium): There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a…
CVE-2018-16256 — CVSS 6.1 (medium): There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that…
CVE-2021-24714 — CVSS 4.8 (medium): The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before…