Webtoffee Import_export_wordpress_users

8 CVEs affecting Webtoffee Import_export_wordpress_users. Latest disclosed: 2025-03-22. Critical: 0, High: 6.

Top CVEs affecting Webtoffee Import_export_wordpress_users
CVESeverityScorePublishedSummary
CVE-2020-12074High8.82020-04-23The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
CVE-2025-1970High7.62025-03-22The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the…
CVE-2019-15092High7.32019-08-23The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name…
CVE-2025-1971High7.22025-03-22The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserializ…
CVE-2023-6558High7.22024-01-11The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_…
CVE-2023-3459High7.22023-07-18The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_…
CVE-2025-1973Medium4.92025-03-22The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_fil…
CVE-2025-1972Low2.72025-03-22The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_l…