Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wp_all_import
(Soflyy)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-12 | CVE-2018-16257 | There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | Wp_all_import | 6.1 | ||
| 2019-04-12 | CVE-2018-16258 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | Wp_all_import | 6.1 | ||
| 2019-04-12 | CVE-2018-16259 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | Wp_all_import | 6.1 | ||
| 2019-08-20 | CVE-2017-18567 | The wp-all-import plugin before 3.4.6 for WordPress has XSS. | Wp_all_import | 6.1 | ||
| 2019-08-20 | CVE-2015-9331 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | Wp_all_import | 7.5 | ||
| 2019-08-20 | CVE-2015-9330 | The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. | Wp_all_import | 9.8 | ||
| 2019-08-20 | CVE-2015-9329 | The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. | Wp_all_import | 6.1 | ||
| 2019-08-20 | CVE-2018-20978 | The wp-all-import plugin before 3.4.7 for WordPress has XSS. | Wp_all_import | 6.1 | ||
| 2018-03-09 | CVE-2018-0547 | Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | Wp_all_import | 6.1 | ||
| 2018-03-09 | CVE-2018-0546 | Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | Wp_all_import | 6.1 |