CVE-2018-16257
https://notcve.org/view.php?id=CVE-2018-16257
12 Apr 2019 — There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. • https://ansawaf.blogspot.com/2019/04/xss-in-import-any-xml-or-csv-file-for.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16256
https://notcve.org/view.php?id=CVE-2018-16256
12 Apr 2019 — There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options (Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. • https://ansawaf.blogspot.com/2019/04/xss-in-import-any-xml-or-csv-file-for.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16255
https://notcve.org/view.php?id=CVE-2018-16255
12 Apr 2019 — There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. • https://ansawaf.blogspot.com/2019/04/xss-in-import-any-xml-or-csv-file-for.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16254
https://notcve.org/view.php?id=CVE-2018-16254
12 Apr 2019 — There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. • https://ansawaf.blogspot.com/2019/04/xss-in-import-any-xml-or-csv-file-for.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0546 – WP All Import <= 3.4.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0546
08 Mar 2018 — Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. • https://jvn.jp/en/jp/JVN33527174/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0547 – WP All Import <= 3.4.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0547
08 Mar 2018 — Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. • https://jvn.jp/en/jp/JVN60032768/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20978 – Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20978
07 Mar 2018 — The wp-all-import plugin before 3.4.7 for WordPress has XSS. • https://wordpress.org/plugins/wp-all-import/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18567 – Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18567
08 Oct 2017 — The wp-all-import plugin before 3.4.6 for WordPress has XSS. • https://wordpress.org/plugins/wp-all-import/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-9330 – Import any XML or CSV File to WordPress < 3.2.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9330
12 Mar 2015 — The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. • https://wordpress.org/plugins/wp-all-import/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9329 – Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9329
26 Feb 2015 — The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into perfor... • https://wordpress.org/plugins/wp-all-import/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')