6 matches found
CVE-2022-1255
CVE-2022-1255 affects the WordPress Import and export users and customers plugin before 1.19.2.1. The issue arises from insufficient sanitization/escaping of imported CSV data, enabling high-privilege users to inject malicious JavaScript and trigger Stored Cross-Site Scripting. The vulnerability ...
CVE-2024-22151
CVE-2024-22151 affects WordPress plugin Import and export users and customers (Codection) up to version 1.24.6, due to Missing Authorization via the fire_cron REST endpoint. Unauthenticated access could trigger plugin cron functionality; CVSS 3.1 base score listed as 5.3 (Medium). Connected sourc...
CVE-2023-6583
The WordPress Import and export users and customers plugin is affected by CVE-2023-6583. It allows Directory Traversal via the Recurring Import feature in all versions up to 1.24.2, enabling an authenticated attacker with Administrator+ privileges to read and delete arbitrary files (including wp-...
CVE-2022-3558
CVE-2022-3558 affects the WordPress plugin Import and export users and customers, prior to version 1.20.5. The vulnerability arises from improper escaping of data when exporting to CSV, which enables CSV injection. The issue is demonstrated by a PoC showing crafted data (e.g., nickname payload) e...
CVE-2020-22277
CVE-2020-22277 affects the WordPress plugin “Import and export users and customers” (versions up to 1.15.5.11; through 1.16.3.5 per Patchstack entry). The root cause is CSV injection via profile data exported by an administrator, caused by insufficient validation/sanitization of user data...
CVE-2023-6624
The CVE-2023-6624 entry concerns the WordPress Import and export users and customers plugin, vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to and including 1.24.3. The root cause is insufficient input sanitization and output escaping on user-supplied attrib...