Webtoffee

Import Export Wordpress Users

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2025-1973

  • EPSS 0.19%
  • Veröffentlicht 22.03.2025 11:23:31
  • Zuletzt bearbeitet 09.07.2025 17:43:34

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level ...

7.6

CVE-2025-1970

  • EPSS 0.11%
  • Veröffentlicht 22.03.2025 11:18:41
  • Zuletzt bearbeitet 09.07.2025 17:57:31

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Adminis...

7.2

CVE-2025-1971

  • EPSS 1.11%
  • Veröffentlicht 22.03.2025 11:18:40
  • Zuletzt bearbeitet 09.07.2025 17:50:49

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authent...

6.5

CVE-2025-1972

  • EPSS 0.21%
  • Veröffentlicht 22.03.2025 11:18:40
  • Zuletzt bearbeitet 09.07.2025 17:46:11

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for ...

5.4

CVE-2024-32835

  • EPSS 0.11%
  • Veröffentlicht 24.04.2024 08:15:41
  • Zuletzt bearbeitet 21.11.2024 09:15:49

Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3.

4.3

CVE-2024-30492

  • EPSS 0.47%
  • Veröffentlicht 29.03.2024 16:15:10
  • Zuletzt bearbeitet 21.11.2024 09:12:02

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2.

7.2

CVE-2023-6558

  • EPSS 3.8%
  • Veröffentlicht 11.01.2024 09:15:49
  • Zuletzt bearbeitet 03.06.2025 14:15:38

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for a...

7.2

CVE-2023-3459

  • EPSS 0.15%
  • Veröffentlicht 18.07.2023 03:15:55
  • Zuletzt bearbeitet 21.11.2024 08:17:18

The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1...

8.8

CVE-2020-12074

Exploit
  • EPSS 0.55%
  • Veröffentlicht 23.04.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:13

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.

7.3

CVE-2019-15092

Exploit
  • EPSS 8.41%
  • Veröffentlicht 23.08.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:28:02

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporte...