Threat Entry Updated 2025-01-04

CVE-2024-12701 - Wp Smart Import Plugin

The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Wp Smart Import

CVE-2024-12701

MEDIUM CVSS 6.1 2025-01-04

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-13

CVE-2024-32597 - Wp Smart Import Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Stored XSS.This issue affects WordPress Importer: from n/a through 1.0.7.

PLUGIN Wp Smart Import

CVE-2024-32597

MEDIUM CVSS 5.9 2024-04-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-08

CVE-2024-30201 - Wp Smart Import Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4.

PLUGIN Wp Smart Import

CVE-2024-30201

HIGH CVSS 7.1 2024-03-27

Risk Score

Open Full Technical Breakdown