Lucene search
+L
WebtoffeeImport Export Wordpress Users

8 matches found

CVE
CVE
added 2019/08/23 8:51 p.m.171 views

CVE-2019-15092

The CVE-2019-15092 entry concerns the WebToffee WordPress plugin “Users & WooCommerce Customers Import Export” (WordPress plugin). Affected version: 1.3.0 of the plugin allows CSV injection in exported files via the WF_CustomerImpExpCsv_Exporter class, specifically in the user_url, display_name, ...

7.3CVSS7.3AI score0.05141EPSS
CVE
CVE
added 2020/04/23 2:0 a.m.143 views

CVE-2020-12074

The CVE concerns the WordPress plugin “users-customers-import-export-for-wp-woocommerce” (pre-1.3.9). The vulnerability allows subscribers to import new users, including administrative accounts, via a CSV import, enabling privilege escalation within WordPress. Root cause is improper validation/au...

8.8CVSS8.7AI score0.01727EPSS
Web
CVE
CVE
added 2025/03/22 11:18 a.m.78 views

CVE-2025-1971

CVE-2025-1971 affects the WordPress plugin Export and Import Users and Customers (versions up to 2.6.2). The flaw is PHP Object Injection via deserialization of untrusted input from the form_data parameter. It requires an authenticated attacker with Administrator-level access or higher. The impac...

7.2CVSS7.3AI score0.0069EPSS
CVE
CVE
added 2023/07/18 2:39 a.m.75 views

CVE-2023-3459

CVE-2023-3459 affects the WordPress plugin “Export and Import Users and Customers.” Vulnerable through version 2.4.1 due to a missing capability check on the hf_update_customer function invoked via AJAX. This allows an authenticated attacker with shop-manager permissions to modify user data (e.g....

7.2CVSS6.8AI score0.00717EPSS
CVE
CVE
added 2025/03/22 11:18 a.m.71 views

CVE-2025-1970

CVE-2025-1970 affects the WordPress plugin Export and Import Users and Customers (versions

7.6CVSS6.6AI score0.00386EPSS
CVE
CVE
added 2025/03/22 11:23 a.m.71 views

CVE-2025-1973

CVE-2025-1973 affects the WordPress plugin Export and Import Users and Customers for WP WooCommerce (versions

4.9CVSS6.5AI score0.00691EPSS
CVE
CVE
added 2025/03/22 11:18 a.m.67 views

CVE-2025-1972

CVE-2025-1972 affects the WordPress plugin Export and Import Users and Customers (versions

6.5CVSS6.8AI score0.00371EPSS
CVE
CVE
added 2024/01/11 8:32 a.m.49 views

CVE-2023-6558

CVE-2023-6558 concerns the WordPress plugin “Export and Import Users and Customers”. Affected versions are up to and including 2.4.8, where the function upload_import_file has insufficient file type validation, enabling authenticated users with shop-manager-level access or higher to upload arbitr...

7.2CVSS7.4AI score0.01366EPSS