Import Users From CSV With Meta
by WordPress
Source repositories
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7641 | Hig | 0.50 | 8.8 | 0.01 | May 2, 2026 | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due to an incomplete blocklist that correctly restricts capability meta… | ||
| CVE-2024-38787 | Hig | 0.49 | 7.5 | 0.00 | Aug 13, 2024 | Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.8. | ||
| CVE-2025-24689 | Med | 0.38 | 5.9 | 0.00 | Jan 27, 2025 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Retrieve Embedded Sensitive Data.This issue affects Import and export users and customers:… | ||
| CVE-2024-50413 | Med | 0.38 | 5.9 | 0.00 | Oct 29, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Stored XSS.This issue affects Import and export users and customers: from n/a through… | ||
| CVE-2024-34815 | Med | 0.35 | 5.4 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5. | ||
| CVE-2024-4734 | Med | 0.29 | 4.4 | 0.00 | May 15, 2024 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-4656 | Med | 0.29 | 4.4 | 0.00 | May 15, 2024 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-32817 | Med | 0.29 | 4.4 | 0.00 | Apr 24, 2024 | Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.2. | ||
| CVE-2024-1050 | Med | 0.28 | 4.3 | 0.00 | May 4, 2024 | The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for… | ||
| CVE-2019-15326 | 0.00 | — | 0.02 | Aug 22, 2019 | The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. | |||
| CVE-2019-15327 | 0.00 | — | 0.01 | Aug 22, 2019 | The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | |||
| CVE-2019-15328 | 0.00 | — | 0.01 | Aug 22, 2019 | The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. | |||
| CVE-2019-15329 | 0.00 | — | 0.01 | Aug 22, 2019 | The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. | |||
| CVE-2019-14683 | 0.00 | — | 0.01 | Aug 8, 2019 | The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | |||
| CVE-2018-20101 | 0.00 | — | 0.01 | Dec 12, 2018 | The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. |
- risk 0.50cvss 8.8epss 0.01
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due to an incomplete blocklist that correctly restricts capability meta…
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.8.
- risk 0.38cvss 5.9epss 0.00
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Retrieve Embedded Sensitive Data.This issue affects Import and export users and customers:…
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Stored XSS.This issue affects Import and export users and customers: from n/a through…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5.
- risk 0.29cvss 4.4epss 0.00
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.29cvss 4.4epss 0.00
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.29cvss 4.4epss 0.00
Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.2.
- risk 0.28cvss 4.3epss 0.00
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for…
- CVE-2019-15326Aug 22, 2019risk 0.00cvss —epss 0.02
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
- CVE-2019-15327Aug 22, 2019risk 0.00cvss —epss 0.01
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
- CVE-2019-15328Aug 22, 2019risk 0.00cvss —epss 0.01
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
- CVE-2019-15329Aug 22, 2019risk 0.00cvss —epss 0.01
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
- CVE-2019-14683Aug 8, 2019risk 0.00cvss —epss 0.01
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
- CVE-2018-20101Dec 12, 2018risk 0.00cvss —epss 0.01
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.