CVE-2025-5061
- EPSS 0.6%
- Veröffentlicht 05.08.2025 07:24:15
- Zuletzt bearbeitet 13.08.2025 19:01:34
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated...
CVE-2025-6207
- EPSS 0.41%
- Veröffentlicht 05.08.2025 07:24:14
- Zuletzt bearbeitet 12.08.2025 16:29:41
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated a...
CVE-2025-2839
- EPSS 0.02%
- Veröffentlicht 22.04.2025 05:27:23
- Zuletzt bearbeitet 07.08.2025 18:32:11
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it poss...
CVE-2024-31308
- EPSS 0.24%
- Veröffentlicht 07.04.2024 18:15:12
- Zuletzt bearbeitet 08.08.2025 02:00:14
Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.
CVE-2022-0236
- EPSS 37.39%
- Veröffentlicht 18.01.2022 17:15:10
- Zuletzt bearbeitet 21.11.2024 06:38:12
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/cl...