WordPress Import Export For WooCommerce plugin <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Import Export For WooCommerce versions = 1.6.2...

CVE-2025-12389 Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesetting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...

PT-2025-17167 · WordPress · Wpfactory Product Excel Import Export & Bulk Edit For Woocommerce

Name of the Vulnerable Software and Affected Versions: WPFactory Product Excel Import Export & Bulk Edit for WooCommerce versions n/a through 4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows...

WordPress Import Export For WooCommerce plugin <= 1.6.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Import Export For WooCommerce versions = 1.6.2...