WPCasa All Import Security & Risk Analysis

wordpress.org/plugins/wpcasa-all-import

Add-on for the WP All Import plugin to import any XML or CSV File to WPCasa

100 active installs · v1.1.2 · PHP 5.6+ · WP 4.0+ · Updated Dec 1, 2025
Tags: import, property, wp-all-import, wpallimport, wpcasa
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPCasa All Import Safe to Use in 2026?

Generally Safe

Score 100/100

WPCasa All Import has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "wpcasa-all-import" v1.1.2 plugin demonstrates several good security practices, including the absence of known CVEs and the exclusive use of prepared statements for SQL queries. The static analysis reports a zero attack surface from common entry points such as AJAX handlers, REST API routes, and shortcodes, and no cron events, which is a strong indicator of a well-secured plugin.

However, the code analysis raises significant concerns. The `unserialize` function is used without any apparent input validation or sanitization, which is a critical risk: it can lead to Remote Code Execution (RCE) vulnerabilities if an attacker can control the serialized data. Only 43% of output is properly escaped, which poses a risk of Cross-Site Scripting (XSS) vulnerabilities, especially where user-controlled data is output without adequate escaping. The lack of nonce and capability checks on the identified entry points further exacerbates these risks, leaving the plugin vulnerable to unauthorized actions.

The clean vulnerability history is positive, but it does not mitigate the risks identified in the code itself, which may be present even if they have not yet been discovered or exploited.

Key Concerns

  • Dangerous function 'unserialize' used without checks
  • Low percentage of properly escaped output
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

WPCasa All Import Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPCasa All Import Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · rapid-addon.php:557
$fieldData = (!empty($field_params['field_obj']->post_content)) ? unserialize($field_params['field_o

Output Escaping

43% escaped · 14 total outputs
Attack Surface

WPCasa All Import Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 16

filter · pmxi_addons · rapid-addon.php:146
filter · wp_all_import_addon_parse · rapid-addon.php:147
filter · wp_all_import_addon_import · rapid-addon.php:148
filter · wp_all_import_addon_saved_post · rapid-addon.php:149
filter · pmxi_options_options · rapid-addon.php:150
filter · wp_all_import_image_sections · rapid-addon.php:151
filter · pmxi_custom_types · rapid-addon.php:152
filter · pmxi_post_list_order · rapid-addon.php:153
filter · wp_all_import_post_type_image · rapid-addon.php:154
action · pmxi_extend_options_featured · rapid-addon.php:155
action · admin_init · rapid-addon.php:156
filter · wp_all_import_acf_is_show_group · rapid-addon.php:221
filter · wp_all_import_is_show_add_new_images · rapid-addon.php:923
filter · wp_all_import_is_allow_import_images · rapid-addon.php:926
filter · wp_all_import_is_images_section_enabled · rapid-addon.php:975
action · admin_notices · rapid-addon.php:1156
Maintenance & Trust

WPCasa All Import Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 5.6
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

WPCasa All Import Developer Profile

WPSight

10 plugins · 3K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect WPCasa All Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpcasa-all-import/css/wpcasa-all-import.css
/wp-content/plugins/wpcasa-all-import/js/wpcasa-all-import.js
Version Parameters
wpcasa-all-import/css/wpcasa-all-import.css?ver=
wpcasa-all-import/js/wpcasa-all-import.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Custom price before text (for upcoming WPCasa version) -->
<!-- Custom price after text (for upcoming WPCasa version) -->
Data Attributes
data-wpsight-all-import-field
data-wpsight-all-import-field-wrap