8 matches found
CVE-2026-5335
The CVE-2026-5335 affects the Magic Export & Import WordPress plugin (versions before 1.2.0). The root cause is that exported CSV files are stored at a publicly accessible location, enabling unauthenticated disclosure of sensitive user information. Affected component is the export/import facility...
EUVD-2026-26906
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
CVE-2025-1971 Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level acces...
WordPress plugin Export and Import Users and Customers 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...
WordPress plugin Export and Import Users and Customers 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...
CVE-2023-6558
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'uploadimportfile' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level...
CVE-2023-3459 Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hfupdatecustomer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated...
CVE-2020-23060
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file...