cvebase

Webtoffee Export And Import Users And Customers vulnerabilities

6 known vulnerabilities affecting webtoffee/export_and_import_users_and_customers.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2023-6558 | P3 | HIGH | CVSS 7.2 | ≤ 2.4.8 | 2024-01-11
CWE-434: The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the af
Source: NVD

CVE-2023-3459 | P3 | HIGH | CVSS 7.2 | ≤ 2.4.1 | 2023-07-18
CWE-863: The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user
Source: NVD

CVE-2025-1970 | P3 | HIGH | CVSS 7.6 | ≤ 2.6.2 | 2025-03-22
CWE-918: The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web applic
Source: NVD

CVE-2025-1971 | P3 | HIGH | CVSS 7.2 | ≤ 2.6.2 | 2025-03-22
CWE-502: The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain i
Source: NVD

CVE-2025-1972 | P3 | MEDIUM | CVSS 6.5 | ≤ 2.6.2 | 2025-03-22
CWE-73: The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the
Source: NVD

CVE-2025-1973 | P4 | MEDIUM | CVSS 4.9 | ≤ 2.6.2 | 2025-03-22
CWE-22: The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive
Source: NVD