N/A
2026-03-05< 4.0.1
WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets
Minimum safe version
4.0.1
Update to 4.0.1 or later to address 27 fixable vulnerabilities
Latest available4.0.1 ✓Affected up to3.4.9 ⚠
High 8.8
2025-11-13< 4.0.0
CVE-2025-12733
High 7.2
2025-09-10< 3.9.4
CVE-2025-10001
N/A
2025-04-07< 3.9.0
Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel)
Medium 4.3
2025-02-03< 3.8.0
WordPress WP All Import Plugin <= 3.7.9 is vulnerable to Cross Site Request Forgery (CSRF)
Medium 4.3
2024-04-10< 3.7.4
CVE-2024-31939
High 7.2
2024-01-22< 3.7.3
CVE-2023-7082
N/A
< 3.6.5
WP All Import < 3.6.5 - Reflected Cross-Site Scripting
N/A
2020-02-19< 3.2.5
Import any XML or CSV File to WordPress <= 3.2.4 - Missing Authorization and Cross-Site Request Forgery Checks
N/A
2020-02-19< 3.2.5
Import any XML or CSV File to WordPress <= 3.2.4 - SQL Injection
N/A
2022-06-02< 3.6.7
Import any XML or CSV File to WordPress <= 3.6.6 - Reflected Cross-Site Scripting
High 7.2
2023-10-17< 3.6.9
WordPress Import any XML or CSV File to WordPress Plugin <= 3.6.8 is vulnerable to Directory Traversal
High 7.2
2023-10-14< 3.6.9
WordPress Import any XML or CSV File to WordPress Plugin <= 3.6.8 is vulnerable to Arbitrary File Upload
Critical 9.1
2022-09-21< 3.6.8
CVE-2022-36386
High 7.2
2022-07-04< 3.6.8
CVE-2022-2268
High 7.2
2022-07-18< 3.6.8
CVE-2022-1565
N/A
2015-03-17< 3.2.5
WordPress WP All Import Plugin <= 3.2.4 - Multiple Vulnerabilities
N/A
2015-02-26< 3.2.4
WordPress WP All Import Plugin <= 3.2.3 - Remote Code Execution
N/A
2017-10-17< 3.4.6
WordPress Import any XML or CSV File to WordPress plugin <=3.4.5 - Cross-Site Scripting (XSS) vulnerability
Medium 6.1
2018-03-13< 3.4.7
WordPress Import any XML or CSV File to WordPress plugin <=3.4.6 - Cross-Site Scripting (XSS) vulnerability
Medium 6.1
2018-03-12< 3.4.6
WordPress Import any XML or CSV File to WordPress plugin <=3.4.5 - Cross-Site Scripting (XSS) vulnerability
Medium 6.1
2019-04-12≤ 3.4.9
CVE-2018-16259
Medium 6.1
2019-04-12≤ 3.4.9
CVE-2018-16258
Medium 6.1
2019-04-12≤ 3.4.9
CVE-2018-16256
Medium 6.1
2019-04-12≤ 3.4.9
CVE-2018-16254
Medium 6.1
2019-04-12≤ 3.4.9
CVE-2018-16255
Medium 6.1
2019-04-12≤ 3.4.9
CVE-2018-16257
Medium 6.1
2019-08-20< 3.4.7
CVE-2018-20978
Critical 9.8
2019-08-20< 3.2.5
CVE-2015-9330
Medium 6.1
2019-08-20< 3.2.5
CVE-2015-9329
Medium 6.1
2019-08-20< 3.4.6
CVE-2017-18567
High 7.5
2019-08-20< 3.2.4
CVE-2015-9331
Medium 4.8
2021-12-06< 3.6.3
CVE-2021-24714