Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
import export wordpress users vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1347
The Customizer Export/Import WordPress plugin prior to 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
Fastlinemedia Customizer Export\\/import
NA
CVE-2022-3558
The Import and export users and customers WordPress plugin prior to 1.20.5 does not properly escape data when exporting it via CSV files.
Codection Import And Export Users And Customers
534
VMScore
CVE-2022-1977
The Import Export All WordPress Images, Users & Post Types WordPress plugin prior to 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks
Smackcoders Import All Pages\\, Post Types\\, Products\\, Orders\\, And Users As Xml \\& Csv
312
VMScore
CVE-2022-1255
The Import and export users and customers WordPress plugin prior to 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
Codection Import And Export Users And Customers
356
VMScore
CVE-2022-0363
The myCred WordPress plugin prior to 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating...
Mycred Mycred
312
VMScore
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin prior to 1.9, To Top WordPress plugin prior to 2.3,...
Catchplugins Catch Scroll Progress Bar
Catchplugins Catch Sticky Menu
Catchplugins Catch Themes Demo Import
Catchplugins Catch Under Construction
Catchplugins Catch Web Tools
Catchplugins Essential Content Types
Catchplugins Generate Child Theme
Catchplugins Header Enhancement
Catchplugins To Top
Catchplugins Essential Widgets
801
VMScore
CVE-2021-24307
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings prior to 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore...
Aioseo All In One Seo
1 Github repository
534
VMScore
CVE-2020-22277
Import and export users and customers WordPress Plugin up to and including 1.15.5.11 allows CSV injection via a customer's profile.
Codection Import And Export Users And Customers
578
VMScore
CVE-2020-12074
The users-customers-import-export-for-wp-woocommerce plugin prior to 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
Webtoffee Import Export Wordpress Users
605
VMScore
CVE-2019-15092
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
Webtoffee Import Export Wordpress Users
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2