Skip to main content

Import And Export Users And Customers

5 CVEs product

Monthly

CVE-2026-15026 MEDIUM This Month

Sensitive information exposure in the Import and Export Users and Customers WordPress plugin (all versions ≤ 2.4.0) allows any authenticated subscriber-level user to enumerate and extract the post_title and raw post_content of arbitrary posts regardless of visibility status or post type. Affected content includes drafts, private posts, password-protected entries, future-scheduled posts, trashed items, and non-public custom post types such as WooCommerce orders and internal CRM records. The exploit barrier is exceptionally low: the required security nonce is leaked as inline JavaScript on any wp-admin page reachable by subscribers. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis.

Authentication Bypass WordPress Information Disclosure Import And Export Users And Customers
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-22151 MEDIUM This Month

Missing Authorization vulnerability in Codection Import and export users and customers.24.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Import And Export Users And Customers
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-3558 HIGH POC PATCH This Week

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure WordPress Import And Export Users And Customers
NVD WPScan
CVSS 3.1
8.0
EPSS
1.0%
CVE-2022-1255 MEDIUM POC This Month

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Import And Export Users And Customers
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-22277 HIGH POC This Week

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Import And Export Users And Customers
NVD
CVSS 3.1
8.0
EPSS
1.8%
EPSS 0% CVSS 4.3
MEDIUM This Month

Sensitive information exposure in the Import and Export Users and Customers WordPress plugin (all versions ≤ 2.4.0) allows any authenticated subscriber-level user to enumerate and extract the post_title and raw post_content of arbitrary posts regardless of visibility status or post type. Affected content includes drafts, private posts, password-protected entries, future-scheduled posts, trashed items, and non-public custom post types such as WooCommerce orders and internal CRM records. The exploit barrier is exceptionally low: the required security nonce is leaked as inline JavaScript on any wp-admin page reachable by subscribers. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis.

Authentication Bypass WordPress Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in Codection Import and export users and customers.24.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Import And Export Users And Customers
NVD
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure WordPress Import And Export Users And Customers
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Import And Export Users And Customers
NVD WPScan
EPSS 2% CVSS 8.0
HIGH POC This Week

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Import And Export Users And Customers
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy