Webtoffee: >> Import Export Wordpress Users >> 1.3.4 Security Vulnerabilities
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Score
7.2
EPSS Score
0.038
Published
2024-01-11
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-07-18
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-04-23