WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Import any XML or CSV File to WordPress

2022-10-14
WP All Import < 3.6.9 - Admin+ Directory traversal via file upload
Fixed in version 3.6.9
2022-10-14
WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
Fixed in version 3.6.9
2022-07-01
WP All Import < 3.6.8 - Admin+ Arbitrary File Upload
Fixed in version 3.6.8
2022-06-28
Import any XML or CSV File to WordPress < 3.6.8 - Admin+ Arbitrary Code Execution
Fixed in version 3.6.8
2021-12-07
WP All Import < 3.6.5 - Reflected Cross-Site Scripting
Fixed in version 3.6.5
2021-11-02
WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting
Fixed in version 3.6.3
2018-03-08
Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)
Fixed in version 3.4.6
2018-03-08
Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting (XSS)
Fixed in version 3.4.7
2017-10-08
Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)
Fixed in version 3.4.6
2015-03-17
Import any XML or CSV File to WordPress <= 3.2.4 - Multiple Vulnerabilities
Fixed in version 3.2.5
2015-02-26
Import any XML or CSV File to WordPress <= 3.2.3 - RCE
Fixed in version 3.2.4