WP All Import Issues Precautionary Security Update: Users urged to update
WordPress plugin developers Soflyy, makers of the WP All Import plugin for WordPress, issued a precautionary security update to their plugin that relates to SQL Injection and XSS (cross-site scripting) vulnerabilities. WP All Import’s easy-to-use drag & drop interface makes it possible to import data from any XML or CSV file, no matter the structure, to any place in WordPress.
These security updates address vulnerabilities in WP All Import related to blind SQL injection, accessing WP All Import methods without being logged in as admin, and reflected XSS.
Users of the plugin are urged to update their installations of the WP All Import plugin.