High severity7.3NVD Advisory· Published Aug 23, 2019· Updated Jun 17, 2026
CVE-2019-15092
CVE-2019-15092
Description
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Users & WooCommerce Customers Import Export plugindescription
- Range: <=1.3.0
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- hackpuntes.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection/nvdExploitThird Party Advisory
- wpvulndb.com/vulnerabilities/9704nvdThird Party Advisory
News mentions
0No linked articles in our index yet.