webtoffee vulnerabilities and exploits

6
CVSSv2
CVE-2019-15092

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class....

WebtoffeeImport Export Wordpress Users
6.8
CVSSv2
CVE-2018-11526

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection....