Comments Import Export Woocommerce
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11526 | Hig | 0.54 | 7.8 | 0.05 | Jun 19, 2018 | The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | ||
| CVE-2025-54029 | Hig | 0.50 | 7.7 | 0.00 | Aug 28, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export extendons-eo-wooimport-export allows Path Traversal.This issue affects WooCommerce csv import export: from n/a through <= 2.0.6. | ||
| CVE-2024-7514 | Med | 0.46 | 6.5 | 0.01 | Oct 11, 2024 | The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-3919 | Med | 0.35 | 6.4 | 0.00 | Jun 2, 2025 | The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and… | ||
| CVE-2024-31235 | Med | 0.28 | 4.3 | 0.00 | Apr 12, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. |
- risk 0.54cvss 7.8epss 0.05
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
- risk 0.50cvss 7.7epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export extendons-eo-wooimport-export allows Path Traversal.This issue affects WooCommerce csv import export: from n/a through <= 2.0.6.
- risk 0.46cvss 6.5epss 0.01
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with…
- risk 0.35cvss 6.4epss 0.00
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.