CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38787 – WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability
https://notcve.org/view.php?id=CVE-2024-38787
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8. The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.26.8 via the fileupload_process function that uploads an import file in a public directory and does not subsequently delete it. This makes it possible for unauthenticated attackers to extract sensitive data including user data. • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-26-8-sensitive-information-via-imported-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32817 – WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32817
Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2. Vulnerabilidad de deserialización de datos no confiables en Import and export users and customers. Este problema afecta a los usuarios y clientes de importación y exportación: desde n/a hasta 1.26.2. The Import and export users and customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.26.2 via deserialization of untrusted input in the import.php file. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-26-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22151 – WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-22151
Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6. Vulnerabilidad de autorización faltante en usuarios y clientes de importación y exportación de Codection. Este problema afecta a los usuarios y clientes de importación y exportación: desde n/a hasta 1.24.6. The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the fire_cron function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to trigger the plugin's cron job. • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-24-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14683 – Import and export users and customers <= 1.14.1.3 - Cross-Site Request Forgery leading to attachment deletion & Path Traversal
https://notcve.org/view.php?id=CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. El complemento de codificación "Import users from CSV with meta" en versiones anteriores a 1.14.2.2 para WordPress permite wp-admin / admin-ajax.php? Action = acui_delete_attachment CSRF. • https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013 https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers https://wpvulndb.com/vulnerabilities/9392 https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15326 – Import and export users and customers <= 1.14.2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-15326
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.2.1 para WordPress, presenta un salto de directorio. • https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers https://wpvulndb.com/vulnerabilities/9392 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •