CVE-2024-32835 – WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability
https://notcve.org/view.php?id=CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. Vulnerabilidad de deserialización de datos no confiables en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.3. The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2024-30492 – WordPress Export and Import Users and Customers plugin <= 2.5.2 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-30492
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. Limitación inadecuada de un nombre de ruta a una vulnerabilidad de Restricted Directory ("Path Traversal") en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.2. The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with shop manager-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-2-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •