CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15326 – Import and export users and customers <= 1.14.2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-15326
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.2.1 para WordPress, presenta un salto de directorio. • https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers https://wpvulndb.com/vulnerabilities/9392 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15327 – Import and export users and customers <= 1.14.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15327
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.1.3 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de datos importados. • https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15329 – Import and export users and customers <= 1.14.0.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15329
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.0.3 para WordPress, presenta una vulnerabilidad de tipo CSRF. • https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450 https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15328 – Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15328
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.0.3 para WordPress, presenta una vulnerabilidad de tipo XSS. • https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450 https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20101 – Import users from CSV with meta <= 1.12 - Import Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20101
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. El plugin "Import users from CSV with meta" de codection en versiones anteriores a la 1.12.1 para WordPress permite Cross-Site Scripting (XSS) mediante el valor de una celda. • https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers https://wpvulndb.com/vulnerabilities/9176 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •