Import Export Wordpress Users
CVE-2019-15092
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
AnalysisAI
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1236. The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. Affected products include: Webtoffee Import Export Wordpress Users.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import admi
The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versi
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to
The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, an
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insuffici
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today