A vulnerability categorized as critical has been discovered in WP Import Plugin up to 7.28 on WordPress. The impacted element is the function
write_to_customfile
of the file customFunction.php. Such manipulation leads to code injection.
This vulnerability is traded as CVE-2025-10057. The attack may be launched remotely. There is no exploit available.