Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
import export wordpress users vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2022-1977
The Import Export All WordPress Images, Users & Post Types WordPress plugin prior to 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks
Smackcoders Import All Pages\\, Post Types\\, Products\\, Orders\\, And Users As Xml \\& Csv
3.5
CVSSv2
CVE-2022-1255
The Import and export users and customers WordPress plugin prior to 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
Codection Import And Export Users And Customers
4
CVSSv2
CVE-2022-0363
The myCred WordPress plugin prior to 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating...
Mycred Mycred
3.5
CVSSv2
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin prior to 1.9, To Top WordPress plugin prior to 2.3,...
Catchplugins Catch Scroll Progress Bar
Catchplugins Catch Sticky Menu
Catchplugins Catch Themes Demo Import
Catchplugins Catch Under Construction
Catchplugins Catch Web Tools
Catchplugins Essential Content Types
Catchplugins Generate Child Theme
Catchplugins Header Enhancement
Catchplugins To Top
Catchplugins Essential Widgets
9
CVSSv2
CVE-2021-24307
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings prior to 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore...
Aioseo All In One Seo
1 Github repository
6
CVSSv2
CVE-2020-22277
Import and export users and customers WordPress Plugin up to and including 1.15.5.11 allows CSV injection via a customer's profile.
Codection Import And Export Users And Customers
6.5
CVSSv2
CVE-2020-12074
The users-customers-import-export-for-wp-woocommerce plugin prior to 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
Webtoffee Import Export Wordpress Users
6
CVSSv2
CVE-2019-15092
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
Webtoffee Import Export Wordpress Users
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2