Wpallimport Wp All Import vulnerabilities
2 known vulnerabilities affecting wpallimport/wp_all_import.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2022-1565P3HIGHCVSS 7.2PoCfixed in 3.6.82022-07-18
CVE-2022-1565 [HIGH] CWE-434 CVE-2022-1565: The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remot
nvd
CVE-2024-32431P3HIGHCVSS 7.2fixed in 1.32024-04-15
CVE-2024-32431 [HIGH] CWE-502 CVE-2024-32431: Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue af
Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2.
nvd