0.008 Low
EPSS
Percentile
81.3%
The plugin did not validate or sanitise user data, such as first and last names from the profile, leading to a CSV injection when the data is exported by an administrator.
cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22277.pdf
plugins.trac.wordpress.org/changeset/2422429/import-users-from-csv-with-meta