Import Export Wordpress Users
CVE-2020-12074
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
AnalysisAI
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. Affected products include: Webtoffee Import Export Wordpress Users. Version information: before 1.3.9.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in
The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versi
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to
The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, an
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insuffici
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today