Primary

Context

Import WP WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information exposure exists in the Import WP – Export and Import CSV and XML files to WordPress plugin, affecting all versions through 2.14.5. The vulnerability arises from unprotected files in the uploads directory, enabling unauthenticated attackers to access sensitive data, such as user information and imported files, stored insecurely in the wp-content/uploads directory.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including user data and files, stored in the wp-content/uploads directory.

Remediation

Users can update to version 2.14.6 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Import WP WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Import WP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating