Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3
Critical: 0
High: 1
Medium: 2
Showing 1-3 of 3 records
Threat Entry Updated 2025-11-21

CVE-2025-12894 - Export And Import Csv And Xml Files To Wordpress Plugin

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated attackers to extract sensitive data from exports stored in /exportwp and import data stored in /importwp.

PLUGIN Export And Import Csv And Xml Files To Wordpress

CVE-2025-12894

MEDIUM CVSS 5.3 2025-11-21

Threat Entry Updated 2025-11-04

CVE-2025-12137 - Export And Import Csv And Xml Files To Wordpress Plugin

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the 'attach_file()' function when handling 'file_local' actions. This makes it possible for authenticated attackers, with administrator-level access and above, to read arbitrary files on the server's filesystem, including sensitive configuration files and system files via the 'local_url' parameter.

PLUGIN Export And Import Csv And Xml Files To Wordpress

CVE-2025-12137

MEDIUM CVSS 4.9 2025-11-01

Threat Entry Updated 2025-02-04

CVE-2024-13562 - Export And Import Csv And Xml Files To Wordpress Plugin

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files.

PLUGIN Export And Import Csv And Xml Files To Wordpress

CVE-2024-13562

HIGH CVSS 7.5 2025-01-25