RSS   Vulnerabilities for 'Wp all import'   RSS

2019-08-20
 
CVE-2018-20978

CWE-79
 

 
The wp-all-import plugin before 3.4.7 for WordPress has XSS.

 
 
CVE-2017-18567

CWE-79
 

 
The wp-all-import plugin before 3.4.6 for WordPress has XSS.

 
 
CVE-2015-9331

CWE-254
 

 
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.

 
 
CVE-2015-9330

CWE-89
 

 
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.

 
 
CVE-2015-9329

CWE-79
 

 
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.

 
2019-04-12
 
CVE-2018-16259

CWE-79
 

 
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.

 
 
CVE-2018-16258

CWE-79
 

 
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.

 
 
CVE-2018-16257

CWE-79
 

 
** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.

 
 
CVE-2018-16256

CWE-79
 

 
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.

 
 
CVE-2018-16255

CWE-79
 

 
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.

 


Copyright 2019, cxsecurity.com

 

Back to Top