cleantalk
Vulnerabilities and Security Researches

Import any XML or CSV File to WordPress, CVE-2018-16257

CVE, Research URL

CVE-2018-16257

Home page URL

Security reports for Import any XML or CSV File to WordPress

Application

Import any XML or CSV File to WordPress

Published on
Apr 13, 2019
Research Description
There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator
Affected versions
Min -, max 3.4.9.
Status
vulnerable
Previous vulnerability researches
Import any XML or CSV File to WordPress (CVE-2018-0547) , Jun 07, 2024
Import any XML or CSV File to WordPress (CVE-2022-2268) , Jun 07, 2024
Import any XML or CSV File to WordPress (CVE-2022-36386) , Jun 07, 2024
Import any XML or CSV File to WordPress (CVE-2022-3418) , Jun 07, 2024
Import any XML or CSV File to WordPress (CVE-2022-2711) , Jun 07, 2024
New vulnerability
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025
Advanced Settings (CVE-2025-58996) , Oct 12, 2025
FancyTabs (CVE-2025-8560) , Oct 12, 2025