Vulnerabilities > Webtoffee > Import Export Wordpress Users

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-6558 Unrestricted Upload of File with Dangerous Type vulnerability in Webtoffee Import Export Wordpress Users
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8.
network
low complexity
webtoffee CWE-434
7.2
2023-07-18 CVE-2023-3459 Unspecified vulnerability in Webtoffee Import Export Wordpress Users
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1.
network
low complexity
webtoffee
7.2
2020-04-23 CVE-2020-12074 Injection vulnerability in Webtoffee Import Export Wordpress Users
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
network
low complexity
webtoffee CWE-74
6.5
2019-08-23 CVE-2019-15092 Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
6.0