Key Information

CVE Identifier: CVE-2025-12733
CVSS Score: 8.8 (High)
Publicly Published: November 12, 2025
Last Updated: November 13, 2025
Researcher: tmrswwr

Vulnerability Details

Software Type: Plugin
Software Slug: wp-all-import
Patched?: Yes
Remediation: Update to version 4.0.0, or a newer patched version
Affected Version: <= 3.9.6
Patched Version: 4.0.0

Summary

Vulnerability: Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic
Impact: Attackers with import capabilities can inject and execute arbitrary PHP code on the server via crafted import templates.