CVSS: 9.9EPSS: 30%CPEs: 1EXPL: 2CVE-2024-54262 – WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54262
06 Dec 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5. The Import Export For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary f... • https://github.com/RandomRobbieBF/CVE-2024-54262 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34751 – WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-34751
14 May 2024 — Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9. Vulnerabilidad de deserialización de datos no confiables en WebToffee Order Export & Order Import para WooCommerce. Este problema afecta Order Export & Order Import for WooCommerce: desde n/a hasta 2.4.9. The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection... • https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-9-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32835 – WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability
https://notcve.org/view.php?id=CVE-2024-32835
22 Apr 2024 — Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. Vulnerabilidad de deserialización de datos no confiables en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.3. The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserializ... • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30492 – WordPress Export and Import Users and Customers plugin <= 2.5.2 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-30492
28 Mar 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. Limitación inadecuada de un nombre de ruta a una vulnerabilidad de Restricted Directory ("Path Traversal") en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.2. The Export and Import Users and Customers plugin for WordPress i... • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-2-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •