8 matches found
CVE-2019-15092
The CVE-2019-15092 entry concerns the WebToffee WordPress plugin “Users & WooCommerce Customers Import Export” (WordPress plugin). Affected version: 1.3.0 of the plugin allows CSV injection in exported files via the WF_CustomerImpExpCsv_Exporter class, specifically in the user_url, display_name, ...
CVE-2020-12074
The CVE concerns the WordPress plugin “users-customers-import-export-for-wp-woocommerce” (pre-1.3.9). The vulnerability allows subscribers to import new users, including administrative accounts, via a CSV import, enabling privilege escalation within WordPress. Root cause is improper validation/au...
CVE-2025-1971
CVE-2025-1971 affects the WordPress plugin Export and Import Users and Customers (versions up to 2.6.2). The flaw is PHP Object Injection via deserialization of untrusted input from the form_data parameter. It requires an authenticated attacker with Administrator-level access or higher. The impac...
CVE-2023-3459
CVE-2023-3459 affects the WordPress plugin “Export and Import Users and Customers.” Vulnerable through version 2.4.1 due to a missing capability check on the hf_update_customer function invoked via AJAX. This allows an authenticated attacker with shop-manager permissions to modify user data (e.g....
CVE-2025-1970
CVE-2025-1970 affects the WordPress plugin Export and Import Users and Customers (versions
CVE-2025-1973
CVE-2025-1973 affects the WordPress plugin Export and Import Users and Customers for WP WooCommerce (versions
CVE-2025-1972
CVE-2025-1972 affects the WordPress plugin Export and Import Users and Customers (versions
CVE-2023-6558
CVE-2023-6558 concerns the WordPress plugin “Export and Import Users and Customers”. Affected versions are up to and including 2.4.8, where the function upload_import_file has insufficient file type validation, enabling authenticated users with shop-manager-level access or higher to upload arbitr...