Soflyy — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting Soflyy. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Soflyy:WP All Import Pro WP All Import Oxygen Builder Import any XML or CSV File to WordPress (WordPress plugin)Breakdance Import any XML or CSV File to WordPress WP Dynamic Links WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel WP Wizard Cloak

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53237	WordPress WP Wizard Cloak Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — WP Wizard CloakCWE-79	6.1^AI	Medium^AI	2026-02-20
CVE-2026-1582	WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling — WP All Export – Drag & Drop Export to Any Custom CSV, XML & ExcelCWE-200	3.7	Low	2026-02-18
CVE-2025-49038	WordPress WP Dynamic Links plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — WP Dynamic LinksCWE-79	7.1	High	2025-08-14
CVE-2024-9664	WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) PHP Object Injection via Import File — WP All Import ProCWE-502	7.2	High	2025-02-07
CVE-2024-9661	WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion — WP All Import ProCWE-352	4.3	Medium	2025-02-07
CVE-2024-8722	WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload — WP All Import ProCWE-79	5.5	Medium	2025-01-19
CVE-2024-9624	WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import — WP All Import ProCWE-918	7.6	High	2024-12-17
CVE-2024-31939	WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability — Import any XML or CSV File to WordPressCWE-352	4.3	Medium	2024-04-10
CVE-2024-31380	WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability — Oxygen BuilderCWE-94	9.9	Critical	2024-04-03
CVE-2024-31390	WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability — BreakdanceCWE-94	9.9	Critical	2024-04-03
CVE-2022-46841	WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) — Oxygen BuilderCWE-352	5.4	Medium	2023-10-03
CVE-2022-36386	WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability — Import any XML or CSV File to WordPress (WordPress plugin)	9.1	Critical	2022-09-21
CVE-2018-0546	WordPress WP All Import插件跨站脚本漏洞 — WP All Import	5.4	-	2018-03-09
CVE-2018-0547	WordPress WP All Import插件跨站脚本漏洞 — WP All Import	5.4	-	2018-03-09

This page lists every published CVE security advisory associated with Soflyy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Soflyy — Vulnerabilities & Security Advisories 14