Import Export Wordpress Users Security Vulnerabilities and Issues — Import Export Wordpress Users CVE List

Lucene search

WebtoffeeImport Export Wordpress Users

10 matches found

CVE•added 2019/08/23 9:15 p.m.•148 views

CVE-2019-15092

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

7.3CVSS7.3AI score0.08815EPSS

CVE•added 2020/04/23 2:15 a.m.•125 views

CVE-2020-12074

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.

8.8CVSS8.7AI score0.00554EPSS

CVE•added 2024/03/29 4:15 p.m.•63 views

CVE-2024-30492

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2.

4.3CVSS4.9AI score0.00347EPSS

CVE•added 2025/03/22 12:15 p.m.•52 views

CVE-2025-1973

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitra...

4.9CVSS6.5AI score0.0008EPSS

CVE•added 2025/03/22 12:15 p.m.•50 views

CVE-2025-1971

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS7.3AI score0.00355EPSS

CVE•added 2024/04/24 8:15 a.m.•49 views

CVE-2024-32835

Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3.

5.4CVSS6.8AI score0.00083EPSS

CVE•added 2023/07/18 3:15 a.m.•44 views

CVE-2023-3459

The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attack...

7.2CVSS6.8AI score0.00219EPSS

CVE•added 2025/03/22 12:15 p.m.•44 views

CVE-2025-1972

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...

6.5CVSS6.8AI score0.00071EPSS

CVE•added 2025/03/22 12:15 p.m.•41 views

CVE-2025-1970

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web reques...

7.6CVSS6.6AI score0.00064EPSS

CVE•added 2024/01/11 9:15 a.m.•32 views

CVE-2023-6558

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level ca...

7.2CVSS7.4AI score0.03798EPSS