Vulnerabilities > Soflyy

DATE CVE VULNERABILITY TITLE RISK
2019-08-20 CVE-2015-9329 Cross-site Scripting vulnerability in Soflyy WP ALL Import
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
network
low complexity
soflyy CWE-79
6.1
2019-04-12 CVE-2018-16259 Cross-site Scripting vulnerability in Soflyy WP ALL Import 3.4.9
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit.
network
low complexity
soflyy CWE-79
6.1
2019-04-12 CVE-2018-16258 Cross-site Scripting vulnerability in Soflyy WP ALL Import 3.4.9
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type.
network
low complexity
soflyy CWE-79
6.1
2019-04-12 CVE-2018-16257 Cross-site Scripting vulnerability in Soflyy WP ALL Import 3.4.9
There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template.
network
low complexity
soflyy CWE-79
6.1
2019-04-12 CVE-2018-16256 Cross-site Scripting vulnerability in Soflyy WP ALL Import 3.4.9
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule).
network
low complexity
soflyy CWE-79
6.1
2019-04-12 CVE-2018-16255 Cross-site Scripting vulnerability in Soflyy WP ALL Import 3.4.9
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate.
network
low complexity
soflyy CWE-79
6.1
2019-04-12 CVE-2018-16254 Cross-site Scripting vulnerability in Soflyy WP ALL Import 3.4.9
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options.
network
low complexity
soflyy CWE-79
6.1
2018-03-09 CVE-2018-0547 Cross-site Scripting vulnerability in Soflyy WP ALL Import
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
soflyy CWE-79
6.1
2018-03-09 CVE-2018-0546 Cross-site Scripting vulnerability in Soflyy WP ALL Import
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
soflyy CWE-79
6.1