| CVE-2025-48144 | WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability | sidngr | Import Export For WooCommerce | High | 7.1 | 2025-05-16 15:45:16 | Deep Dive |
| CVE-2025-2839 | WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | vjinfotech | WP Import Export Lite | Medium | 6.4 | 2025-04-22 05:27:24 | Deep Dive |
| CVE-2025-32674 | WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability | WPFactory | Product Excel Import Export & Bulk Edit for WooCommerce | High | 7.1 | 2025-04-17 15:46:59 | Deep Dive |
| CVE-2025-2008 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.8 | 2025-04-01 04:21:21 | Deep Dive |
| CVE-2025-2007 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.1 | 2025-04-01 04:21:20 | Deep Dive |
| CVE-2025-1911 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | Low | 2.7 | 2025-03-26 11:55:53 | Deep Dive |
| CVE-2025-1913 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | High | 7.2 | 2025-03-26 11:55:53 | Deep Dive |
| CVE-2025-1912 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | High | 7.6 | 2025-03-26 11:55:52 | Deep Dive |
| CVE-2025-1769 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | Medium | 4.9 | 2025-03-26 11:22:09 | Deep Dive |
| CVE-2025-1973 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | webtoffee | Export and Import Users and Customers | Medium | 4.9 | 2025-03-22 11:23:32 | Deep Dive |
| CVE-2025-1970 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | webtoffee | Export and Import Users and Customers | High | 7.6 | 2025-03-22 11:18:41 | Deep Dive |
| CVE-2025-1971 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | webtoffee | Export and Import Users and Customers | High | 7.2 | 2025-03-22 11:18:41 | Deep Dive |
| CVE-2025-1972 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | webtoffee | Export and Import Users and Customers | Low | 2.7 | 2025-03-22 11:18:40 | Deep Dive |
| CVE-2024-13920 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | webtoffee | Order Export & Order Import for WooCommerce | Medium | 4.9 | 2025-03-20 11:11:28 | Deep Dive |
| CVE-2024-13921 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | webtoffee | Order Export & Order Import for WooCommerce | High | 7.2 | 2025-03-20 11:11:28 | Deep Dive |
| CVE-2024-13923 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | webtoffee | Order Export & Order Import for WooCommerce | High | 7.6 | 2025-03-20 11:11:26 | Deep Dive |
| CVE-2024-13922 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | webtoffee | Order Export & Order Import for WooCommerce | Low | 2.7 | 2025-03-20 11:11:26 | Deep Dive |
| CVE-2024-13232 | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation | ddeveloper | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data | High | 8.8 | 2025-03-05 09:21:51 | Deep Dive |
| CVE-2025-27271 | WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | Alberto Cocchiara | DB Tables Import/Export | High | 7.1 | 2025-03-03 13:30:30 | Deep Dive |
| CVE-2024-7425 | WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update | WP All Import | WP All Export Pro | Medium | 6.8 | 2025-02-07 16:21:21 | Deep Dive |