Lucene search
K

3 matches found

NVD
NVD
added 2025/03/22 12:15 p.m.13 views

CVE-2025-1973

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrar...

4.9CVSS0.00691EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/22 11:23 a.m.8 views

CVE-2025-1973 Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrar...

4.9CVSS6.7AI score0.00691EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/22 11:23 a.m.16 views

CVE-2025-1973 Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrar...

4.9CVSS0.00691EPSS
Exploits0References4
Rows per page
Query Builder