4 matches found
CVE-2023-6558
creationtimestamp| type| source ---|---|--- 2024-01-11 10:26:38+00:00| seen| https://t.me/ctinow/166428...
CVE-2023-6558 Export and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File Upload
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'uploadimportfile' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level...
CVE-2023-6558
CVE-2023-6558 concerns the WordPress plugin “Export and Import Users and Customers”. Affected versions are up to and including 2.4.8, where the function upload_import_file has insufficient file type validation, enabling authenticated users with shop-manager-level access or higher to upload arbitr...
WordPress Import Export WordPress Users Plugin <= 2.4.8 is vulnerable to Arbitrary File Upload
Software Import Export WordPress Users Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6558 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a7515a768629 Credits István Márton Required...