Published: 23/08/2019 Updated: 29/08/2019
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Import Export WordPress Users plugin for WordPress could allow a remote authenticated malicious user to execute arbitrary code on the system, caused by a CSV injection in the do_export() from WF_CustomerImpExpCsv_Exporter class. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Vulnerability Trend

Affected Products

Vendor Product Versions
WebtoffeeImport Export Wordpress Users1.3.1


# Exploit Title: Wordpress Plugin Import Export WordPress Users <= 131 - CSV Injection # Exploit Author: Javier Olmedo # Contact: @jjavierolmedo # Website: sidertiacom # Date: 2018-08-22 # Google Dork: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce" # Vendor: WebToffee # Software Link: downloadswo ...

Mailing Lists

WordPress Import Export WordPress Users plugin version 131 suffers from a CSV injection vulnerability ...

Github Repositories