Primary

Context

Import WP WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information exposure exists in the Import WP – Export and Import CSV and XML files to WordPress plugin, in all versions through 2.14.17. The issue arises from the import/export functionality and the absence of proper .htaccess protection, enabling unauthenticated attackers to access sensitive data from exports stored in the /exportwp directory and import data into the /importwp directory.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, such as debug log files, session data, and export files.

Remediation

Users can update to version 2.14.18 or a newer patched version to address this vulnerability.

Added: Nov 21, 2025, 8:25 AM

Updated: Nov 21, 2025, 3:58 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.3

exploitability

8.2

remediation

7.7

relevance

1.2

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.3

exploitability

8.2

remediation

7.7

relevance

1.2

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Import WP WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Import WP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating