CVE-2026-4328 | addonspress Advanced Import Plugin up to 1.4.6 on WordPress AJAX wp_remote_get demo_file server-side request forgery

A vulnerability was found in addonspress Advanced Import Plugin up to 1.4.6 on WordPress. It has been declared as critical. This affects the function wp_remote_get of the component AJAX Handler. The manipulation of the argument demo_file results in server-side request forgery.

This vulnerability is identified as CVE-2026-4328. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More