Does WP All Import – Listings Import for Listify have any unpatched vulnerabilities?

No. All known vulnerabilities in WP All Import – Listings Import for Listify have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP All Import – Listings Import for Listify compatible with WordPress 6.9.4?

According to WordPress.org data, WP All Import – Listings Import for Listify 1.1.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WP All Import – Listings Import for Listify updated?

WP All Import – Listings Import for Listify was last updated on Jan 30, 2026. Frequent updates are generally a positive security signal.

What is WP All Import – Listings Import for Listify's security score?

WP All Import – Listings Import for Listify has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP All Import – Listings Import for Listify Security & Risk Analysis

wordpress.org/plugins/listify-xml-csv-listings-import

Drag & drop to import directory listings from any CSV, XML, Excel, or Google Sheets file of any size or format. Supports images, categories, locat …

400 active installs v1.1.2 PHP + WP 5.0+ Updated Jan 30, 2026

business-directoryimport-business-listingsimport-directoryimport-listingswp-job-manager

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP All Import – Listings Import for Listify Safe to Use in 2026?

Generally Safe

Score 100/100

WP All Import – Listings Import for Listify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The plugin "listify-xml-csv-listings-import" v1.1.2 presents a mixed security posture. On the positive side, it has a very small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks. All SQL queries are executed using prepared statements, which is a strong defense against SQL injection. However, the presence of the `unserialize` function is a significant concern, as it can lead to remote code execution if used with untrusted serialized data.

Taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where external input might be improperly handled. While there is no recorded vulnerability history, this does not negate the risks identified in the static analysis. The lack of nonce checks and capability checks on any potential entry points (though currently none are identified) is also a weakness that could be exploited if new features are added without proper security considerations.

In conclusion, the plugin demonstrates good practices in database interaction and a well-contained attack surface. However, the use of `unserialize` and the identified high-severity taint flows are critical risks that need immediate attention. The absence of historical vulnerabilities is positive but should not lead to complacency, especially given the identified code-level risks.

Key Concerns

Dangerous function unserialize found
High severity taint flow (unsanitized path)
High severity taint flow (unsanitized path)
Output escaping only 45% properly escaped
No nonce checks found
No capability checks found

Vulnerabilities

None known

WP All Import – Listings Import for Listify Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP All Import – Listings Import for Listify Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$import_options_arr = unserialize($import_options['options']);classes\class-helper.php:57

unserialize$import_options_arr = empty($import_options) ? array() : unserialize($import_options['option_value']classes\class-helper.php:62

unserialize$fieldData = (!empty($field_params['field_obj']->post_content)) ? unserialize($field_params['field_orapid-addon.php:559

SQL Query Safety

100% prepared4 total queries

Output Escaping

45% escaped11 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

get_post_type (classes\class-helper.php:18)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP All Import – Listings Import for Listify Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 23

actioninitlistify-add-on.php:35

actionadmin_enqueue_scriptslistify-add-on.php:106

actionpmxi_before_xml_importlistify-add-on.php:107

actionpmxi_before_post_importlistify-add-on.php:110

actionpmxi_saved_postlistify-add-on.php:112

filterpmxi_custom_field_to_updatelistify-add-on.php:115

filterpmxi_custom_field_to_deletelistify-add-on.php:116

filterpmxi_addonsrapid-addon.php:144

filterwp_all_import_addon_parserapid-addon.php:145

filterwp_all_import_addon_importrapid-addon.php:146

filterwp_all_import_addon_saved_postrapid-addon.php:147

filterpmxi_options_optionsrapid-addon.php:148

filterwp_all_import_image_sectionsrapid-addon.php:149

filterpmxi_custom_typesrapid-addon.php:150

filterpmxi_post_list_orderrapid-addon.php:151

filterwp_all_import_post_type_imagerapid-addon.php:152

actionpmxi_extend_options_featuredrapid-addon.php:153

actionadmin_initrapid-addon.php:154

filterwp_all_import_acf_is_show_grouprapid-addon.php:219

filterwp_all_import_is_show_add_new_imagesrapid-addon.php:924

filterwp_all_import_is_allow_import_imagesrapid-addon.php:927

filterwp_all_import_is_images_section_enabledrapid-addon.php:976

actionadmin_noticesrapid-addon.php:1171

Maintenance & Trust

WP All Import – Listings Import for Listify Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 30, 2026

PHP min version

Downloads22K

Community Trust

Rating100/100

Number of ratings2

Active installs400

Alternatives

WP All Import – Listings Import for Listify Alternatives

Import Listings into the PointFinder Theme

pointfinder-xml-csv-listings-import

Easily import listings from any XML or CSV file to the PointFinder theme with the PointFinder Add-On for WP All Import.

40 No CVEs

WP All Import – Job Listing Import for WP Job Manager

wp-job-manager-xml-csv-listings-import

100

Drag & drop to import job listings from any CSV, XML, Excel, or Google Sheets file of any size or format. Supports company info, locations, applic …

2K No CVEs

WP All Import – Job Listing Import for Jobify

jobify-xml-csv-listings-import

100

Drag & drop to import job listings from any CSV, XML, Excel, or Google Sheets file of any size or format. Supports company info, locations, catego …

100 No CVEs

WP All Import – WP Job Manager Field Editor Add-On

smyles-wp-job-manager-field-editor-import

Support for custom fields created with WP Job Manager Field Editor when importing Jobs or Resumes using WP All Import

100 No CVEs

WP All Import – Listings Import for Listable

import-xml-csv-listings-to-listable-theme

100

Drag & drop to import directory listings from any CSV, XML, Excel, or Google Sheets file of any size or format. Supports images, categories, locat …

80 No CVEs

Developer Profile

WP All Import – Listings Import for Listify Developer Profile

WP All Import

22 plugins · 207K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

1036 days

View full developer profile

Detection Fingerprints

How We Detect WP All Import – Listings Import for Listify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/listify-xml-csv-listings-import/css/style.css/wp-content/plugins/listify-xml-csv-listings-import/css/admin.css

Script Paths

/wp-content/plugins/listify-xml-csv-listings-import/js/import.js/wp-content/plugins/listify-xml-csv-listings-import/js/admin.js

Version Parameters

listify-xml-csv-listings-import/css/style.css?ver=listify-xml-csv-listings-import/css/admin.css?ver=listify-xml-csv-listings-import/js/import.js?ver=listify-xml-csv-listings-import/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpai-listify-fieldwpai-listify-labelwpai-listify-input-wrapperwpai-listify-field-wrapper

HTML Comments

Data Attributes

data-wpai-listify-fielddata-wpai-listify-mappingdata-wpai-listify-source

JS Globals

wpai_listify_settingsWpaiListifyAdmin

FAQ