Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Wp all import'
2021-12-06
CVE-2021-24714
CWE-79
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed.
2019-08-20
CVE-2018-20978
CWE-79
The wp-all-import plugin before 3.4.7 for WordPress has XSS.
CVE-2017-18567
CWE-79
The wp-all-import plugin before 3.4.6 for WordPress has XSS.
CVE-2015-9331
CWE-254
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
CVE-2015-9330
CWE-89
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
CVE-2015-9329
CWE-79
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
2019-04-12
CVE-2018-16259
CWE-79
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
CVE-2018-16258
CWE-79
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
CVE-2018-16257
CWE-79
** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
CVE-2018-16256
CWE-79
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Wp all import' 