Wpallimport Wp All Import – Drag & Drop Import For Csv, Xml, Excel & Google Sheets
4 CVEs affecting Wpallimport Wp All Import – Drag & Drop Import For Csv, Xml, Excel & Google Sheets. Latest disclosed: 2026-03-06. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-12733 | High | 8.8 | 2025-11-13 | The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and inclu… |
CVE-2025-10001 | High | 7.2 | 2025-09-10 | The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the impo… |
CVE-2022-1565 | High | 7.2 | 2022-07-18 | The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, a… |
CVE-2026-2830 | Medium | 6.1 | 2026-03-06 | The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepa… |