cbcvebase.

Vjinfotech Wp Import Export Lite vulnerabilities

5 known vulnerabilities affecting vjinfotech/wp_import_export_lite.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-5061P2HIGHCVSS 8.8fixed in 3.9.30≤ 3.9.292025-08-05
CVE-2025-5061 [HIGH] CWE-434 CVE-2025-5061: The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missin The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to uploa
nvd
CVE-2025-6207P2HIGHCVSS 8.8fixed in 3.9.29≤ 3.9.282025-08-05
CVE-2025-6207 [HIGH] CWE-434 CVE-2025-6207: The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missin The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload
nvd
CVE-2022-0236P3HIGHCVSS 7.5≤ 3.9.15≥ 3.9.15, ≤ 3.9.152022-01-18
CVE-2022-0236 [HIGH] CWE-862 CVE-2022-0236: The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthentica The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported o
nvd
CVE-2024-31308P3HIGHCVSS 7.2fixed in 3.9.27≥ n/a, ≤ 3.9.262024-04-07
CVE-2024-31308 [HIGH] CWE-502 CVE-2024-31308: Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affec Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.
nvd
CVE-2025-2839P4MEDIUMCVSS 5.4fixed in 3.9.28≤ 3.9.272025-04-22
CVE-2025-2839 [MEDIUM] CWE-79 CVE-2025-2839: The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web script
nvd
Vjinfotech Wp Import Export Lite vulnerabilities | cvebase