Vulnerabilities and security researches foradvanced-import advanced-import

Jun 07, 2024

CVE, Research URL: CVE-2022-3677
Home page URL: Security reports for Advanced Import : One Click Import for WordPress or Theme Demo Data
Application: Advanced Import : One Click Import for WordPress or Theme Demo Data
Date: Dec 05, 2022
Research Description: The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks
Affected versions: max 1.3.8.
Status: vulnerable

CVE, Research URL: 7116148637734d0196c3ab9d63ff3380b4fee675
Home page URL: Security reports for Advanced Import : One Click Import for WordPress or Theme Demo Data
Application: Advanced Import : One Click Import for WordPress or Theme Demo Data
Date: Feb 19, 2020
Research Description: Advanced Import [advanced-import] < 1.0.8 WordPress Advanced Import plugin <= 1.0.7 - Unauthenticated Database Reset vulnerability leading to Privilege Escalation Unauthenticated Database Reset vulnerability leading to Privilege Escalation discovered by NinTechNet in WordPress Advanced Import plugin (versions <= 1.0.7).
Affected versions: max 1.0.8.
Status: vulnerable

Jun 19, 2026

CVE, Research URL: CVE-2026-4328
Home page URL: Security reports for Advanced Import : One Click Import for WordPress or Theme Demo Data
Application: Advanced Import : One Click Import for WordPress or Theme Demo Data
Date: Jun 19, 2026
Research Description: The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wp_remote_get() to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in the demo_download_and_unzip() function. The 'demo_file' parameter from $_POST is passed through sanitize_text_field() (which only handles XSS-related sanitization) and then directly into wp_remote_get() when 'demo_file_type' is set to 'url'. Notably, the plugin uses wp_safe_remote_get() in other locations (theme template libraries) which would provide SSRF protection, but fails to use it in this critical AJAX handler. This makes it possible for authenticated attackers, with Author-level access and above (upload_files capability), to make web requests to arbitrary locations originating from the web application, which can be used to query and view data from internal services, including cloud instance metadata endpoints.
Affected versions: max 2.0.0.
Status: vulnerable