Vulnerabilities > CVE-2022-3558 - Unspecified vulnerability in Codection Import and Export Users and Customers
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta&old=2785785%40import-users-from-csv-with-meta
- https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta&old=2785785%40import-users-from-csv-with-meta
- https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6
- https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6