CVE-2025-10001
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-09-11
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wp_all_import | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Import any XML, CSV or Excel File to WordPress plugin up to version 3.9.3. It allows authenticated users with Administrator-level access or higher to upload arbitrary files because the plugin does not properly validate file types during import. This can enable attackers to upload unsafe files such as .phar files, potentially leading to remote code execution on the affected server.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with Administrator-level access to upload malicious files to the server hosting the WordPress site. This can lead to remote code execution, compromising the server, stealing data, defacing the website, or using the server for further attacks.