Codection

Import And Export Users And Customers

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-24689

  • EPSS 0.12%
  • Veröffentlicht 27.01.2025 15:15:16
  • Zuletzt bearbeitet 27.01.2025 15:15:16

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n...

5.9

CVE-2024-50413

  • EPSS 0.16%
  • Veröffentlicht 29.10.2024 09:15:08
  • Zuletzt bearbeitet 29.10.2024 14:34:04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codection Import and export users and customers allows Stored XSS.This issue affects Import and export users and customers: from n/a through ...

7.5

CVE-2024-38787

  • EPSS 1.49%
  • Veröffentlicht 13.08.2024 11:15:17
  • Zuletzt bearbeitet 13.08.2024 12:58:25

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from...

5.4

CVE-2024-34815

  • EPSS 0.15%
  • Veröffentlicht 11.06.2024 17:16:01
  • Zuletzt bearbeitet 21.11.2024 09:19:27

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.5.

5.3

CVE-2024-22151

  • EPSS 0.24%
  • Veröffentlicht 08.06.2024 17:15:42
  • Zuletzt bearbeitet 12.07.2025 00:56:53

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6.

4.4

CVE-2024-4734

  • EPSS 0.16%
  • Veröffentlicht 15.05.2024 02:15:11
  • Zuletzt bearbeitet 21.11.2024 09:43:28

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it po...

5.4

CVE-2023-6624

  • EPSS 0.17%
  • Veröffentlicht 11.01.2024 09:15:50
  • Zuletzt bearbeitet 21.11.2024 08:44:13

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user ...

7.2

CVE-2023-6583

  • EPSS 1.9%
  • Veröffentlicht 11.01.2024 09:15:49
  • Zuletzt bearbeitet 21.11.2024 08:44:09

The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administ...

8

CVE-2022-3558

Exploit
  • EPSS 0.8%
  • Veröffentlicht 07.11.2022 10:15:12
  • Zuletzt bearbeitet 01.05.2025 20:15:34

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.

4.8

CVE-2022-1255

Exploit
  • EPSS 0.2%
  • Veröffentlicht 02.05.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:21

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues