Browse all 4 CVE security advisories affecting wpallimport. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPAllImport is a WordPress plugin designed for importing and managing content, particularly through CSV and XML files. Historically, it has been susceptible to multiple security vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, primarily stemming from insufficient input validation and improper file handling. The plugin's four recorded CVEs highlight these risks, with some instances allowing unauthenticated attackers to execute arbitrary code or manipulate database queries. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities underscores the importance of maintaining updated versions and implementing proper access controls to mitigate potential exploitation risks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2830 | WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | CWE-94 | 6.1 | Medium | 2026-03-06 |
| CVE-2025-12733 | Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | CWE-94 | 8.8 | High | 2025-11-13 |
| CVE-2025-10001 | Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | CWE-434 | 7.2 | High | 2025-09-10 |
| CVE-2022-1565 | Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | CWE-434 | 7.2 | High | 2022-07-18 |
This page lists every published CVE security advisory associated with wpallimport. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.