Primary

Context

WP All Import Pro Cross-Site Request Forgery Vulnerability Allowing Content Deletion

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP All Import Pro plugin for WordPress, affecting all versions through 4.9.7. The issue arises from inadequate nonce validation in the delete_and_edit function, enabling unauthenticated attackers to delete imported content such as posts, comments, and users. This exploitation requires tricking a site administrator into clicking a link that initiates the deletion.

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of imported content, including posts, comments, and users, from a WordPress site.

Remediation

Users can update to WP All Import Pro version 4.9.8 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP All Import Pro Cross-Site Request Forgery Vulnerability Allowing Content Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating