3 matches found
CVE-2022-1255
CVE-2022-1255 affects the WordPress Import and export users and customers plugin before 1.19.2.1. The issue arises from insufficient sanitization/escaping of imported CSV data, enabling high-privilege users to inject malicious JavaScript and trigger Stored Cross-Site Scripting. The vulnerability ...
CVE-2024-22151
CVE-2024-22151 affects the WordPress plugin Import and export users and customers (Codection) up to version 1.24.6, due to missing authorization via the fire_cron REST endpoint. Unauthenticated access could trigger plugin cron functionality. The CVSS 3.1 base score is listed as 5.3 (Medium). Connected sourc...
CVE-2022-3558
CVE-2022-3558 affects the WordPress plugin Import and export users and customers prior to version 1.20.5. The vulnerability arises from improper escaping of data when exporting to CSV, which enables CSV injection. The issue is demonstrated by a PoC showing crafted data (e.g., nickname payload) e...