Vulnerabilities > Webtoffee > Import Export Wordpress Users > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-23 | CVE-2020-12074 | Injection vulnerability in Webtoffee Import Export Wordpress Users The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | 6.5 |
| 2019-08-23 | CVE-2019-15092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | 6.0 |