Risk Free, Backed By Our 90-Day Money Back Guarantee
 - 
Read More
Lifetime Licenses Are Ending Soon, Get Yours Before They're Gone
 - 
Read More
Risk Free, Backed By Our 90-Day Money Back Guarantee
Pricing

You may have seen some references on our site to annual licensing or renewals.

All plugins currently come with a lifetime license, no matter what the site says.

We’re currently running tests before we make the switch to annual pricing. Check the Discounts tab to purchase our other plugins and get a lifetime license before they’re gone.

I Understand I Have a Lifetime License
Now is your last chance to buy a lifetime license before we switch to annual pricing. Existing licenses will be unaffected.
Read More
200,000+ Active Installs
1500+ 5 Star Reviews
Pricing
Now is your last chance to buy a lifetime license before we switch to annual pricing. Existing licenses will be unaffected.
Read More
200,000+ Active Installs
1500+ 5 Star Reviews
Pricing

WP All Import: Important Security Update

Updated September 9, 2025
Arrow
Back to Blog

We recently received notice of a vulnerability in WP All Import. The vulnerability notice was received on a Friday, and then we released the patched versions on the following Monday. We recommend updating to the latest versions as soon as possible.

What’s been released and what does it fix?

WP All Import Pro 4.11.6 and WP All Import Free 3.9.4
  • CVE-2025-10001: Authenticated (Admin+) Limited Unsafe File Upload

Detailed Overview of Vulnerabilities

CVE-2025-10001: Authenticated (Admin+) Limited Unsafe File Upload

Someone granted admin access sufficient to use WP All Import could import a ZIP archive containing a valid file plus one or more executable files. It could then be possible to load any executable files via URL to trigger their payload.

Questions & Answers

Has this vulnerability been exploited?

To the best of our knowledge, this vulnerability has never been exploited maliciously. No user has reported a site being compromised due to this issue. However, it’s common for malicious actors to begin to scan for sites running older versions of plugins that are susceptible to the vulnerabilities. While the nature of these vulnerabilities makes them unsuitable for mass exploitation, we strongly advise you to update as soon as possible.

What if my site was already hacked? Should I be scared?

This vulnerability has existed in WP All Import for a very long time. We've never heard a single report of it being exploited maliciously. It was brought to our attention by a security researcher, not a malicious hacker. If your site is or was recently hacked, it is highly unlikely that this vulnerability was the cause. If you believe that you were hacked as a result of this vulnerability, feel free to get in touch and we’ll see if we can determine if this CVE was involved.

How do I install the update?
  1. Back up your site. Always back up before making significant changes or updating plugins.
  2. Update from your WP Admin Dashboard. Visit Plugins > Installed Plugins, locate WP All Import / WP All Export, and click Update (if available).
  3. Manual update (if needed):
    • Deactivate and delete the old plugin version from your WordPress dashboard. (Don’t worry—your imports/exports, templates, and settings remain in your database.)
    • Download the newest version from your Customer Portal (Pro) or from WordPress.org (Free).
    • Install and activate the new version.

Special thanks to Nguyen Quang Truong (Roll) for reporting the vulnerability via WordFence.

The best import export plugin for WordPress & WooCommerce.

Complete, granular control of your data with an easy to use drag & drop interface.
  • 90 Day Money Back Guarantee
  • Unlimited Installs
  • Lifetime Licence
  • Fast, World-Class Support
Get Started
90 Day Money Back Guarantee

Unlimited Installs.
World-Class Support. Money Back Guarantee.

Packages
Standalone
Import
Pro Package
$199
.00
/yr
Save $494, 71% Discount
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
$693 If Purchased Individually
Buy Now
90 Day Money Back Guarantee
Import + Export Pro Package
$299
.00
/yr
Save $1087, 78% Discount
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
$1386 If Purchased Individually
Buy Now
90 Day Money Back Guarantee
WooCommerce Import Package
$169
.00
/yr
Save $29, 15% Discount
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
$198 If Purchased Individually
Buy Now
90 Day Money Back Guarantee
Lifetime License
$1299
One-Time Payment
  • Import Pro + Export Pro
  • All Current Add-Ons
  • All Future Add-Ons
  • Lifetime Support
  • Lifetime Updates
  • No Renewal Fees
Buy Now
90 Day Money Back Guarantee
Import Standalone
$99
.00
/yr
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
Buy Now
90 Day Money Back Guarantee
Import + Export Standalone
$169
.00
/yr
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
Buy Now
90 Day Money Back Guarantee
Export Standalone
$99
.00
/yr
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
Buy Now
90 Day Money Back Guarantee
Packages
Standalone
Import
Pro Package
$16.58
per month, billed annually
Save $494/yr, 71% Discount
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
$693/yr If Purchased Individually
Buy Now
90 Day Money Back Guarantee
Import + Export Pro Package
$24.92
per month, billed annually
Save $1087/yr, 78% Discount
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
$1386/yr If Purchased Individually
Buy Now
90 Day Money Back Guarantee
WooCommerce Import Package
$14.08
per month, billed annually
Save $29/yr, 15% Discount
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
$198/yr If Purchased Individually
Buy Now
90 Day Money Back Guarantee
Lifetime License
$1399
One-Time Payment
  • Import Pro + Export Pro
  • All Current Add-Ons
  • All Future Add-Ons
  • Lifetime Support
  • Lifetime Updates
  • No Renewal Fees
Buy Now
90 Day Money Back Guarantee
Import Standalone
$8.25
per month, billed annually
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
Buy Now
90 Day Money Back Guarantee
Import + Export Standalone
$14.08
per month, billed annually
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
Buy Now
90 Day Money Back Guarantee
Export Standalone
$8.25
per month, billed annually
  • Import Pro
Import Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
  • Export Pro
Export Add-Ons
  • Woo
  • ACF
  • Meta Box
  • JetEngine
  • Gravity Forms
  • Users
Buy Now
90 Day Money Back Guarantee

Unlimited Installs.
World-Class Support. Money Back Guarantee.

Developer
Pro features to get your WordPress data moving
Normally $299/yr
$149
.00
/yr
Save $150
Import & Export Pro
  • Posts Types, Pages & Taxonomies
  • Custom Fields & Meta Support
  • WordPress Users Support
  • Gravity Forms Entries
  • Developer Tools
  • Pro Settings
    • See detailed list of features
    Buy Now
    90 Day Money Back Guarantee
    Professional
    Everything you need to import and export anything
    Normally $599/yr
    $299
    .00
    /yr
    Save $300
    All Features & Integrations
  • WooCommerce
  • Bulk Editing & Data Migration
  • Advanced Custom Fields
  • JetEngine
  • Meta Box
  • Manual Scheduling
    • See detailed list of features
    Buy Now
    90 Day Money Back Guarantee
    Unlimited Lifetime
    All features and integrations forever for unlimited sites
    Normally $1599
    $1299
    .00
    once
    Limited-Time Offer
    ONE-TIME PAYMENT 
  • Import Pro + Export Pro
  • All Current Features & Integrations
  • All Future Features & Integrations
  • Lifetime Updates
  • Lifetime Support
  • No Renewal Fees
    • See detailed list of features
    Buy Now
    90 Day Money Back Guarantee

    Risk Free with our Money-Back Guarantee

    We would love for you to try WP All Import. Our 90-day money-back guarantee means that if you decide our plugins don’t meet your needs, just let us know, and we’ll gladly give you a full refund, no questions asked.
    200,000+ Active Installs
    1500+ 5 Star Reviews
    Developer
    $149
    .00
    /yr
    Buy Now
    Professional
    $299
    .00
    /yr
    Buy Now
    Ultimate Lifetime
    $1299
    Buy Now
    Unlimited Lifetime Package Features
    included in only in the Ultimate Lifetime Package
    One-Time Payment. No Renewal.
    All Future Add-Ons
    Developer Package Features
    included in all packages
    Untilimited Site Activations
    World-Class Support
    Import & Export Custom Post Types, Pages & Taxonomies
    Import & Export Custom Fields & Meta
    Download Import File from URL & FTP
    Export to CSV, XLSX, and XML
    Import & Export Filters
    Import & Export WordPress Users
    Import & Export Gravity Forms Entries
    Delete Missing Records on Import
    Run PHP Functions on Imports & Exports
    Choose Which Data to Update
    WP_Query Exports
    Secure Client Mode for Exports
    Zapier Integration for Exports
    Professional Package Features
    everything the Developer package, plus:
    Import & Export WooCommerce Products
    Import & Export WooCommerce Product Galleries
    Import & Export WooCommerce Orders
    Import & Export WooCommerce Customers
    Import & Export WooCommerce Reviews & Coupons
    Sync WooCommerce Stock & Prices
    Import & Export ACF Fields
    Import & Export JetEngine Fields
    Import & Export Meta Box Fields
    Export to Google Merchant Center
    Migrate Data Between Sites
    Bulk Edit with Export, Edit, Import
    Manual Scheduling for Imports & Exports

    Have any questions? 

    These are some of the most frequent questions we get about how to get data imported to or exported from WordPress

    Can I use any file type to import my data?

    Absolutely. It doesn't matter how big your CSV file is or what your column names are. Just use our Drag and Drop interface to map incoming data elements to their target fields, and you'll be done in minutes.

    Can I import Excel or Google Sheets to WordPress?

    Yes. Importing any spreadsheet is straightforward. Need to import Google Sheets to WordPress? Just copy and paste its URL. Need to import into WordPress from Excel? Same thing!

    How does my WordPress import data need to be organized?

    Our plugin is extremely flexible, so you probably won't have to make any changes to your data. You can try your WordPress import right now, and if you have any issues, we'll be glad to help you out.

    What will my WordPress export file look like?

    Unlike other solutions, our plugin gives you complete control over your WordPress export, including how it's formatted. You can modify fields, merge them together, and even create completely custom fields using embedded PHP.

    How do I export WordPress data to CSV?

    To export data to a CSV file, you don't have to do anything at all, as CSV is our default export format. If you want to export to other file formats, just change the export type in the Drag & Drop screen.

    Can I export WooCommerce products?

    Yes. Our software is completely integrated with WooCommerce. It provides full support to export WooCommerce customers, orders, products, variations, attributes, subscriptions, and reviews.
    linkcross