Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
soflyy vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-20978
The wp-all-import plugin prior to 3.4.7 for WordPress has XSS.
Soflyy Wp All Import
668
VMScore
CVE-2015-9330
The wp-all-import plugin prior to 3.2.5 for WordPress has blind SQL injection.
Soflyy Wp All Import
578
VMScore
CVE-2022-2268
The Import any XML or CSV File to WordPress plugin prior to 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
Soflyy Wp All Import
NA
CVE-2022-3418
The Import any XML or CSV File to WordPress plugin prior to 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files
Soflyy Wp All Import
NA
CVE-2022-2711
The Import any XML or CSV File to WordPress plugin prior to 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a ...
Soflyy Wp All Import
NA
CVE-2022-36386
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.
Soflyy Wp All Import
383
VMScore
CVE-2015-9329
The wp-all-import plugin prior to 3.2.5 for WordPress has reflected XSS.
Soflyy Wp All Import
445
VMScore
CVE-2015-9331
The wp-all-import plugin prior to 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
Soflyy Wp All Import
383
VMScore
CVE-2017-18567
The wp-all-import plugin prior to 3.4.6 for WordPress has XSS.
Soflyy Wp All Import
383
VMScore
CVE-2018-16254
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a...
Soflyy Wp All Import 3.4.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »