Latest soflyy wp all import Vulnerabilities

CVE-2022-3418
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site...
Soflyy Wp All Import<3.6.9
CVE-2022-2711
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbi...
Soflyy Wp All Import<3.6.9
CVE-2022-36386
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.
Soflyy Wp All Import<=3.6.7
CVE-2022-2268
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users ...
Soflyy Wp All Import<3.6.8
CVE-2021-24714
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege ...
Soflyy Wp All Import<3.6.3
CVE-2018-20978
The wp-all-import plugin before 3.4.7 for WordPress has XSS.
Soflyy Wp All Import<3.4.7
CVE-2015-9329
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
Soflyy Wp All Import<3.2.5
CVE-2017-18567
The wp-all-import plugin before 3.4.6 for WordPress has XSS.
Soflyy Wp All Import<3.2.6
CVE-2015-9331
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
Soflyy Wp All Import<3.2.4
CVE-2015-9330
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
Soflyy Wp All Import<3.2.5
CVE-2018-16258
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is o...
Soflyy Wp All Import=3.4.9
=3.4.9
CVE-2018-16257
** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only a...
Soflyy Wp All Import=3.4.9
=3.4.9
CVE-2018-16259
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Impo...
Soflyy Wp All Import=3.4.9
=3.4.9
CVE-2018-16255
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be...
Soflyy Wp All Import=3.4.9
=3.4.9
CVE-2018-16256
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is...
Soflyy Wp All Import=3.4.9
=3.4.9
CVE-2018-16254
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be ...
Soflyy Wp All Import=3.4.9
=3.4.9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203