Which WP Smart Import : Import any XML File to WordPress CVEs are tracked?

WP Smart Import : Import any XML File to WordPress tracked CVEs include CVE-2025-47453, CVE-2020-24147, CVE-2024-32597, CVE-2024-12701, and CVE-2024-30201.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 6 known issues Latest disclosed May 21, 2025

WP Smart Import : Import any XML File to WordPress Vulnerabilities

Q: How many WP Smart Import : Import any XML File to WordPress vulnerabilities have patch guidance?

6 of 6 tracked WP Smart Import : Import any XML File to WordPress records include a published patch path.

Review known vulnerability records for the WordPress plugin WP Smart Import : Import any XML File to WordPress (`wp-smart-import`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-47453, CVE-2024-12701 and CVE-2024-32597, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

May 29, 2025

Priority CVE Quick Links

Fast paths into WP Smart Import : Import any XML File to WordPress CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2025-47453 Critical 1.1.4

CVE-2025-47453 WP Smart Import : Import any XML File to WordPress Local File Inclusion

WP Smart Import <= 1.1.3 - Unauthenticated Local File Inclusion

CVE-2020-24147 Critical 1.0.1

CVE-2020-24147 WP Smart Import : Import any XML File to WordPress Server-Side Request Forgery

WordPress Importer : Import any XML File to WordPress < 1.0.1 - Server-Side Request Forgery

CVE-2024-32597 Medium 1.1.0

CVE-2024-32597 WP Smart Import : Import any XML File to WordPress Stored Cross-Site Scripting

WP Smart Import : Import any XML File to WordPress <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting

CVE-2024-12701 Medium 1.1.3

CVE-2024-12701 WP Smart Import : Import any XML File to WordPress Cross-Site Scripting

WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting

CVE-2024-30201 Medium 1.0.5

CVE-2024-30201 WP Smart Import : Import any XML File to WordPress Cross-Site Scripting

WordPress Importer <= 1.0.4 - Reflected Cross-Site Scripting

CVE-2022-40209 Medium 1.0.3

CVE-2022-40209 WP Smart Import : Import any XML File to WordPress Cross-Site Scripting

WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Smart Import : Import any XML File to WordPress so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

6 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

2 critical and 0 high severity findings.

Recent CVEs

CVE-2025-47453, CVE-2024-12701 and CVE-2024-32597

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-47453 Critical Patch path listed

CVE-2025-47453: WP Smart Import <= 1.1.3 - Unauthenticated Local File Inclusion

The WP Smart Import plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to include and ex...

Published

May 21, 2025

Patch Status

1.1.4

Open CVE-2025-47453 Report

CVE-2024-12701 Medium Patch path listed

CVE-2024-12701: WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting

The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1....

Published

Jan 03, 2025

Patch Status

1.1.3

Open CVE-2024-12701 Report

CVE-2024-32597 Medium Patch path listed

CVE-2024-32597: WP Smart Import : Import any XML File to WordPress <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting

The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.7 due to insufficient input...

Published

Apr 16, 2024

Patch Status

1.1.0

Open CVE-2024-32597 Report

Known Vulnerabilities

Reports for WP Smart Import : Import any XML File to WordPress

Sorted by latest disclosure date so newly published issues surface first.

Plugin Critical Patched: Yes CVE-2025-47453

CVE-2025-47453: WP Smart Import <= 1.1.3 - Unauthenticated Local File Inclusion

The WP Smart Import plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

Published

May 21, 2025

Patched Release

1.1.4

Affected Versions

Versions up to 1.1.3

Next Step

Update to 1.1.4 or newer if supported.

Open CVE-2025-47453 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-12701

CVE-2024-12701: WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting

The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Published

Jan 03, 2025

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2024-12701 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-32597

CVE-2024-32597: WP Smart Import : Import any XML File to WordPress <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting

The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

Published

Apr 16, 2024

Patched Release

1.1.0

Affected Versions

Versions up to 1.0.7

Next Step

Update to 1.1.0 or newer if supported.

Open CVE-2024-32597 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-30201

CVE-2024-30201: WordPress Importer <= 1.0.4 - Reflected Cross-Site Scripting

The WordPress Importer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Published

Mar 25, 2024

Patched Release

1.0.5

Affected Versions

Versions up to 1.0.4

Next Step

Update to 1.0.5 or newer if supported.

Open CVE-2024-30201 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-40209

CVE-2022-40209: WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting

The WordPress Importer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Published

Oct 11, 2022

Patched Release

1.0.3

Affected Versions

Versions up to 1.0.2

Next Step

Update to 1.0.3 or newer if supported.

Open CVE-2022-40209 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2020-24147

CVE-2020-24147: WordPress Importer : Import any XML File to WordPress < 1.0.1 - Server-Side Request Forgery

Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.

Published

Apr 13, 2021

Patched Release

1.0.1

Affected Versions

Versions before 1.0.1

Next Step

Update to 1.0.1 or newer if supported.

Open CVE-2020-24147 Report Open CVE Reference