Import Wp

import_wp

Vendor: Importwp • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13562 1Importwp 1Import Wp Feb 4, 2025 Jan 25, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it...Show more The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files.Show less
CVE-2023-7253 1Importwp 1Import Wp May 8, 2025 Apr 24, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.
CVE-2022-1273 1Importwp 1Import Wp Nov 21, 2024 May 2, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE