CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24689 – WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-24689
27 Jan 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12. The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.27.12. This makes it possible for unauthenticated attackers to extract sensitive user or co... • https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50413 – WordPress Import and export users and customers plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50413
24 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codection Import and export users and customers allows Stored XSS.This issue affects Import and export users and customers: from n/a through 1.27.5. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en codection Import and export users and customers permite XSS almacenado. Este problema afecta a la importación y exportació... • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-27-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38787 – WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability
https://notcve.org/view.php?id=CVE-2024-38787
07 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8. The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.26.8 via the fileupload_process function that uploads an import file in a public directory... • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-26-8-sensitive-information-via-imported-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32817 – WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32817
22 Apr 2024 — Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2. Vulnerabilidad de deserialización de datos no confiables en Import and export users and customers. Este problema afecta a los usuarios y clientes de importación y exportación: desde n/a hasta 1.26.2. The Import and export users and customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1... • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-26-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22151 – WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-22151
16 Jan 2024 — Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6. Vulnerabilidad de autorización faltante en usuarios y clientes de importación y exportación de Codection. Este problema afecta a los usuarios y clientes de importación y exportación: desde n/a hasta 1.24.6. The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to an improper ca... • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-24-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •