PT-2025-47698 · WordPress · Import Wp – Export/Import Csv/Xml Files To Wordpress
Published
2025-11-21
·
Updated
2025-11-21
·
CVE-2025-12894
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Import WP – Export and Import CSV and XML files to WordPress plugin versions prior to 2.14.18
Description
The Import WP plugin for WordPress is susceptible to sensitive information exposure. This issue stems from a lack of .htaccess protection and vulnerabilities within the import/export functionality. Unauthenticated attackers may be able to extract sensitive data from exports stored in the
/exportwp directory and import data stored in the /importwp directory.Recommendations
Update to version 2.14.18 or later.
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Import Wp – Export/Import Csv/Xml Files To Wordpress