Import Users From Csv With Meta
Monthly
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.