Vulnerabilities > Codection > Import Users From CSV With Meta > 1.4.2

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2019-15329 Cross-Site Request Forgery (CSRF) vulnerability in Codection Import Users From CSV With Meta
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
network
codection CWE-352
6.8
6.8
2019-08-22 CVE-2019-15328 Cross-site Scripting vulnerability in Codection Import Users From CSV With Meta
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
network
codection CWE-79
4.3
4.3
2019-08-22 CVE-2019-15327 Cross-site Scripting vulnerability in Codection Import Users From CSV With Meta
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
network
codection CWE-79
4.3
4.3
2019-08-22 CVE-2019-15326 Path Traversal vulnerability in Codection Import Users From CSV With Meta
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
network
low complexity
codection CWE-22
5.0
5.0
2019-08-08 CVE-2019-14683 Cross-Site Request Forgery (CSRF) vulnerability in Codection Import Users From CSV With Meta
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
network
low complexity
codection CWE-352
5.7
5.7