Import Export Wordpress Users Security Vulnerabilities and Issues — Import Export Wordpress Users CVE List

Lucene search

WebtoffeeImport Export Wordpress Users

8 matches found

CVE•added 2019/08/23 9:15 p.m.•150 views

CVE-2019-15092

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

7.3CVSS7.3AI score0.08815EPSS

CVE•added 2020/04/23 2:15 a.m.•126 views

CVE-2020-12074

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.

8.8CVSS8.7AI score0.00554EPSS

Web

CVE•added 2025/03/22 12:15 p.m.•54 views

CVE-2025-1973

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitra...

4.9CVSS6.5AI score0.00097EPSS

CVE•added 2025/03/22 12:15 p.m.•52 views

CVE-2025-1971

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS7.3AI score0.00503EPSS

CVE•added 2025/03/22 12:15 p.m.•46 views

CVE-2025-1972

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...

6.5CVSS6.8AI score0.00099EPSS

CVE•added 2023/07/18 3:15 a.m.•45 views

CVE-2023-3459

The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attack...

7.2CVSS6.8AI score0.00152EPSS

CVE•added 2025/03/22 12:15 p.m.•43 views

CVE-2025-1970

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web reques...

7.6CVSS6.6AI score0.00065EPSS

CVE•added 2024/01/11 9:15 a.m.•34 views

CVE-2023-6558

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level ca...

7.2CVSS7.4AI score0.03798EPSS