WP-Safety

WP All Import – Listings Import for Inventor WP Security & Risk Analysis

wordpress.org/plugins/import-xml-csv-listings-to-inventor-wp

Drag & drop to import directory listings from any CSV, XML, Excel, or Google Sheets file of any size or format. Supports images, categories, locat …

10 active installs v1.1.1 PHP + WP 4.1.0+ Updated Jan 30, 2026
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP All Import – Listings Import for Inventor WP Safe to Use in 2026?

Generally Safe

Score 100/100

WP All Import – Listings Import for Inventor WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The plugin "import-xml-csv-listings-to-inventor-wp" v1.1.1 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and its SQL queries are all secured with prepared statements, indicating an awareness of common database injection risks. The absence of external HTTP requests and the limited attack surface from a static analysis perspective are also strengths. However, significant concerns arise from the code signals. The presence of the `unserialize` function is a major red flag, as it can be exploited for remote code execution if user-controlled data is passed to it without proper sanitization. Furthermore, the taint analysis reveals a flow with unsanitized paths, specifically of high severity, suggesting a potential pathway for attackers to exploit. The plugin also demonstrates a complete lack of nonce checks and capability checks, leaving any potential entry points vulnerable to CSRF attacks and unauthorized access if they were to be discovered or introduced in future versions.

Key Concerns

  • Dangerous function 'unserialize' used
  • High severity unsanitized taint flow detected
  • No nonce checks implemented
  • No capability checks implemented
  • 50% of outputs not properly escaped
Vulnerabilities
None known

WP All Import – Listings Import for Inventor WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP All Import – Listings Import for Inventor WP Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
4 prepared
Unescaped Output
6
6 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$import_options_arr = unserialize($import_options['options']);inventorwp-add-on.php:44
unserialize$import_options_arr = empty($import_options) ? array() : unserialize($import_options['option_value']inventorwp-add-on.php:52
unserialize$fieldData = (!empty($field_params['field_obj']->post_content)) ? unserialize($field_params['field_orapid-addon.php:551

SQL Query Safety

100% prepared4 total queries

Output Escaping

50% escaped12 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<inventorwp-add-on> (inventorwp-add-on.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP All Import – Listings Import for Inventor WP Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 18
filterpmxi_visible_template_sectionsinventorwp-add-on.php:3886
actionadmin_enqueue_scriptsinventorwp-add-on.php:3942
filterpmxi_addonsrapid-addon.php:144
filterwp_all_import_addon_parserapid-addon.php:145
filterwp_all_import_addon_importrapid-addon.php:146
filterwp_all_import_addon_saved_postrapid-addon.php:147
filterpmxi_options_optionsrapid-addon.php:148
filterwp_all_import_image_sectionsrapid-addon.php:149
filterpmxi_custom_typesrapid-addon.php:150
filterpmxi_post_list_orderrapid-addon.php:151
filterwp_all_import_post_type_imagerapid-addon.php:152
actionpmxi_extend_options_featuredrapid-addon.php:153
actionadmin_initrapid-addon.php:154
filterwp_all_import_acf_is_show_grouprapid-addon.php:219
filterwp_all_import_is_show_add_new_imagesrapid-addon.php:912
filterwp_all_import_is_allow_import_imagesrapid-addon.php:915
filterwp_all_import_is_images_section_enabledrapid-addon.php:958
actionadmin_noticesrapid-addon.php:1153
Maintenance & Trust

WP All Import – Listings Import for Inventor WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 30, 2026
PHP min version
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WP All Import – Listings Import for Inventor WP Alternatives

No alternatives data available yet.

Developer Profile

WP All Import – Listings Import for Inventor WP Developer Profile

WP All Import

22 plugins · 207K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
1036 days
View full developer profile
Detection Fingerprints

How We Detect WP All Import – Listings Import for Inventor WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/import-xml-csv-listings-to-inventor-wp/rapid-addon.php
Version Parameters
import-xml-csv-listings-to-inventor-wp/rapid-addon.php?ver=

HTML / DOM Fingerprints

CSS Classes
opening-hours-dayopening-hours-fromopening-hours-toopening-hours-custom-text
HTML Comments
<!-- Inventor Google Map" plugin is active, add the "Google Map", * "Google Street view" & "Google Inside View" banner types to * the list of availble banner types. -->Use any format supported by the PHP <b>strtotime</b> function. That means pretty much any human-readable time will work.
Data Attributes
listing_banner_imagelisting_banner_videolisting_banner_video_looplisting_banner_map_zoomlisting_banner_map_typelisting_banner_map_marker+16 more
FAQ

Frequently Asked Questions about WP All Import – Listings Import for Inventor WP