Vulnerabilities > Webtoffee > Import Export Wordpress Users > 1.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-6558 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtoffee Import Export Wordpress Users The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. | 7.2 |
| 2020-04-23 | CVE-2020-12074 | Improper Privilege Management vulnerability in Webtoffee Import Export Wordpress Users The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | 8.8 |