Webtoffee Import_export_wordpress_users
8 CVEs affecting Webtoffee Import_export_wordpress_users. Latest disclosed: 2025-03-22. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-12074 | High | 8.8 | 2020-04-23 | The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. |
CVE-2025-1970 | High | 7.6 | 2025-03-22 | The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the… |
CVE-2019-15092 | High | 7.3 | 2019-08-23 | The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name… |
CVE-2025-1971 | High | 7.2 | 2025-03-22 | The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserializ… |
CVE-2023-6558 | High | 7.2 | 2024-01-11 | The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_… |
CVE-2023-3459 | High | 7.2 | 2023-07-18 | The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_… |
CVE-2025-1973 | Medium | 4.9 | 2025-03-22 | The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_fil… |
CVE-2025-1972 | Low | 2.7 | 2025-03-22 | The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_l… |