Browse all 3 CVE security advisories affecting WP All Import. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP All Import is a WordPress plugin designed for importing and managing large datasets, primarily used for content migration and bulk data operations. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, often stemming from insufficient input validation and improper file handling. Cross-site scripting (XSS) and privilege escalation issues have also been documented, allowing attackers to execute unauthorized actions or compromise user sessions. The plugin's three recorded CVEs highlight persistent security risks, particularly in versions prior to 2021. While no major public incidents have been widely reported, the pattern of vulnerabilities underscores the importance of maintaining updated installations and implementing proper access controls to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7425 | WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update — WP All Export ProCWE-94 | 6.8 | Medium | 2025-02-07 |
| CVE-2024-7419 | WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields — WP All Export ProCWE-94 | 8.3 | High | 2025-02-07 |
| CVE-2024-32431 | WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection — Import Users from CSVCWE-502 | 4.4 | Medium | 2024-04-15 |
This page lists every published CVE security advisory associated with WP All Import. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.