Browse all 4 CVE security advisories affecting wpallimport. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2830 | WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' — WP All Import – Drag & Drop Import for CSV, XML, Excel & Google SheetsCWE-94 | 6.1 | Medium | 2026-03-06 |
| CVE-2025-12733 | Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic — WP All Import – Drag & Drop Import for CSV, XML, Excel & Google SheetsCWE-94 | 8.8 | High | 2025-11-13 |
| CVE-2025-10001 | Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload — WP All Import – Drag & Drop Import for CSV, XML, Excel & Google SheetsCWE-434 | 7.2 | High | 2025-09-10 |
| CVE-2022-1565 | Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload — WP All Import – Drag & Drop Import for CSV, XML, Excel & Google SheetsCWE-434 | 7.2 | High | 2022-07-18 |
This page lists every published CVE security advisory associated with wpallimport. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.