HIGH
wpazleen
CVE published 2026-07-10
CVE-2026-13430
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the import_media_file_secure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass. The vulnerability allows attackers to upload files that may be executable, which makes remote code execution possible. The vulnera [truncated]