This page lists publicly disclosed CVE vulnerabilities affecting xylusthemes wp_smart_import (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-47453 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import wp-smart-import allows PHP Local File Inclusion.This issue affects WP Smart Import: from n/a through <= 1.1.3. | [email protected] | 8.1 | 0.60% | 2025-05-23 | 2026-06-17 |
| CVE-2024-32597 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Stored XSS.This issue affects WordPress Importer: from n/a through 1.0.7. | [email protected] | 5.9 | 0.31% | 2024-04-18 | 2026-06-17 |
| CVE-2024-30201 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4. | [email protected] | 7.1 | 0.40% | 2024-03-27 | 2026-06-17 |
| CVE-2022-40209 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. | [email protected] | 6.1 | 0.41% | 2022-12-06 | 2026-06-17 |
| CVE-2020-24147 | Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | [email protected] | 9.1 | 1.61% | 2021-07-07 | 2026-06-16 |