VYPR

Import Export Wordpress Users

by Webtoffee

Source repositories

CVEs (4)

  • CVE-2023-6558HigJan 11, 2024
    risk 0.40cvss 7.2epss 0.01

    The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with…

  • CVE-2023-3459HigJul 18, 2023
    risk 0.40cvss 7.2epss 0.01

    The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for…

  • CVE-2024-32835MedApr 24, 2024
    risk 0.35cvss 5.4epss 0.00

    Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3.

  • CVE-2024-30492MedMar 29, 2024
    risk 0.28cvss 4.3epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2.