Vulnerabilities and security researches forjson-content-importer json-content-importer

Jun 07, 2024

CVE, Research URL: CVE-2023-25485
Home page URL: Security reports for Get Use APIs – JSON Content Importer
Application: Get Use APIs – JSON Content Importer
Date: Apr 26, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.
Affected versions: max 1.3.16.
Status: vulnerable

CVE, Research URL: CVE-2023-6268
Home page URL: Security reports for Get Use APIs – JSON Content Importer
Application: Get Use APIs – JSON Content Importer
Date: Dec 27, 2023
Research Description: The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: max 1.5.4.
Status: vulnerable

Jul 15, 2024

CVE, Research URL: CVE-2024-38723
Home page URL: Security reports for Get Use APIs – JSON Content Importer
Application: Get Use APIs – JSON Content Importer
Date: Jul 22, 2024
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.This issue affects JSON Content Importer: from n/a through 1.5.6.
Affected versions: max 1.6.0.
Status: vulnerable

Mar 30, 2026

CVE, Research URL: CVE-2025-15363
Home page URL: Security reports for Get Use APIs – JSON Content Importer
Application: Get Use APIs – JSON Content Importer
Date: Mar 18, 2026
Research Description: The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configurations.
Affected versions: max 2.0.10.
Status: vulnerable