CVE-2020-22277 – Import and export users and customers <= 1.16.3.5 - CSV injection via a customer's profile
https://notcve.org/view.php?id=CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. Import and export users and customers WordPress Plugin through 1.16.3.5 allows CSV injection via a customer's profile.
• https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22277.pdf
• https://mega.nz/file/bSQnlS4R#UY_ozLkvXgXFKzqtTRKeB9RXGi6aEQF3X6eKXdSiBt0
• https://wordpress.org/plugins/import-users-from-csv-with-meta/#:~:text=Install%20Import%20and%20export%20users%20and%20customers%20automatically%2Cis%20uploaded%20and%20extracted%2C%20click%20Activate%20Plugin%20.
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2019-14683 – Import and export users and customers <= 1.14.1.3 - Cross-Site Request Forgery leading to attachment deletion & Path Traversal
https://notcve.org/view.php?id=CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
• https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013
• https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers
• https://wpvulndb.com/vulnerabilities/9392
• https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-15326 – Import and export users and customers <= 1.14.2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-15326
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
• https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers
• https://wpvulndb.com/vulnerabilities/9392
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-15327 – Import and export users and customers <= 1.14.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15327
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
• https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15329 – Import and export users and customers <= 1.14.0.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15329
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
• https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450
• https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)