WordPress Plugin Vulnerabilities

Import any XML or CSV File to WordPress <= 3.2.4 - Multiple Vulnerabilities

Description

Multiple issues were fixed, such as Authenticated SQL Injection, Authenticated Reflected XSS and Unauthorised access to some methods

Affects Plugins

Plugin icon
wp-all-import
Fixed in 3.2.5

References

CVE
CVE-2015-9329
CVE
CVE-2015-9330
URL
http://www.wpallimport.com/2015/03/wp-import-4-1-2-security-update/

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
361083d0-01db-49f7-a98f-1bd388db7c55

Timeline

Publicly Published
2015-03-17 (about 11 years ago)
Added
2015-03-17 (about 11 years ago)
Last Updated
2020-10-20 (about 5 years ago)

Other

Published
Title
Published
2014-12-19
Title
iTwitter <= 0.04 - XSS & CSRF
Published
2015-01-12
Title
WP Unique Article Header Image 1.0 - CSRF & XSS
Published
2016-03-11
Title
DZS Videogallery Plugin <= 8.60 - Multiple Vulnerabilities
Published
2017-03-22
Title
Invite Anyone < 1.3.16 - Multiple Issues
Published
2016-03-07
Title
SP Projects & Document Manager < 2.6.0.0 - Multiple Vulnerabilities