CVE-2026-2830

Name of the Vulnerable Software and Affected Versions WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress versions through 4.0.0

Description The software contains a Reflected Cross-Site Scripting issue due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, potentially executing if a user is tricked into performing an action like clicking a malicious link. The vulnerability is present in the filepath parameter.

Recommendations Update to a version beyond 4.0.0.