Import And Export Users And Customers

CVEs (10)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-3629	Codection Import And Export Users And Customers	Hig	0.46	8.1	0.00	Mar 21, 2026	The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' function not properly restricting which user meta keys can be updated via…
CVE-2023-6583	Codection Import And Export Users And Customers	Med	0.43	6.6	0.02	Jan 11, 2024	The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to…
CVE-2023-6558	Webtoffee Import Export Wordpress Users	Hig	0.40	7.2	0.04	Jan 11, 2024	The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with…
CVE-2023-3459	Webtoffee Import Export Wordpress Users	Hig	0.40	7.2	0.00	Jul 18, 2023	The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for…
CVE-2023-6624	Codection Import And Export Users And Customers	Med	0.32	4.9	0.00	Jan 11, 2024	The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This…
CVE-2024-32817	WordPress Import Users From Csv With Meta	Med	0.29	4.4	0.00	Apr 24, 2024	Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.2.
CVE-2024-1050	WordPress Import Users From Csv With Meta	Med	0.28	4.3	0.00	May 4, 2024	The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for…
CVE-2025-1973	Codection Import And Export Users And Customers		0.00	—	0.00	Mar 22, 2025	The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the…
CVE-2025-1970	Codection Import And Export Users And Customers		0.00	—	0.00	Mar 22, 2025	The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and…
CVE-2025-1971	Codection Import And Export Users And Customers		0.00	—	0.00	Mar 22, 2025	The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with…

CVE-2026-3629HigMar 21, 2026
Codection
Import And Export Users And Customers
risk 0.46cvss 8.1epss 0.00
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' function not properly restricting which user meta keys can be updated via…
CVE-2023-6583MedJan 11, 2024
Codection
Import And Export Users And Customers
risk 0.43cvss 6.6epss 0.02
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to…
CVE-2023-6558HigJan 11, 2024
Webtoffee
Import Export Wordpress Users
risk 0.40cvss 7.2epss 0.04
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with…
CVE-2023-3459HigJul 18, 2023
Webtoffee
Import Export Wordpress Users
risk 0.40cvss 7.2epss 0.00
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for…
CVE-2023-6624MedJan 11, 2024
Codection
Import And Export Users And Customers
risk 0.32cvss 4.9epss 0.00
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This…
CVE-2024-32817MedApr 24, 2024
WordPress
Import Users From Csv With Meta
risk 0.29cvss 4.4epss 0.00
Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.2.
CVE-2024-1050MedMay 4, 2024
WordPress
Import Users From Csv With Meta
risk 0.28cvss 4.3epss 0.00
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for…
CVE-2025-1973Mar 22, 2025
Codection
Import And Export Users And Customers
risk 0.00cvss —epss 0.00
The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the…
CVE-2025-1970Mar 22, 2025
Codection
Import And Export Users And Customers
risk 0.00cvss —epss 0.00
The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and…
CVE-2025-1971Mar 22, 2025
Codection
Import And Export Users And Customers
risk 0.00cvss —epss 0.00
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with…