VYPR

Import Users From CSV With Meta

by WordPress

Source repositories

CVEs (15)

  • CVE-2026-7641HigMay 2, 2026
    risk 0.50cvss 8.8epss 0.01

    The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due to an incomplete blocklist that correctly restricts capability meta…

  • CVE-2024-38787HigAug 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.8.

  • CVE-2025-24689MedJan 27, 2025
    risk 0.38cvss 5.9epss 0.00

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Retrieve Embedded Sensitive Data.This issue affects Import and export users and customers:…

  • CVE-2024-50413MedOct 29, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Stored XSS.This issue affects Import and export users and customers: from n/a through…

  • CVE-2024-34815MedJun 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5.

  • CVE-2024-4734MedMay 15, 2024
    risk 0.29cvss 4.4epss 0.00

    The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-4656MedMay 15, 2024
    risk 0.29cvss 4.4epss 0.00

    The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-32817MedApr 24, 2024
    risk 0.29cvss 4.4epss 0.00

    Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.2.

  • CVE-2024-1050MedMay 4, 2024
    risk 0.28cvss 4.3epss 0.00

    The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for…

  • CVE-2019-15326Aug 22, 2019
    risk 0.00cvss epss 0.02

    The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

  • CVE-2019-15327Aug 22, 2019
    risk 0.00cvss epss 0.01

    The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

  • CVE-2019-15328Aug 22, 2019
    risk 0.00cvss epss 0.01

    The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.

  • CVE-2019-15329Aug 22, 2019
    risk 0.00cvss epss 0.01

    The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.

  • CVE-2019-14683Aug 8, 2019
    risk 0.00cvss epss 0.01

    The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

  • CVE-2018-20101Dec 12, 2018
    risk 0.00cvss epss 0.01

    The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.