CyberSec.Space Logo
Back to CVE Browser

CVE-2019-15092

HIGH
7.3
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile38.33th
PublishedAug 23, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

Affected Platforms (CPE)

πŸ“¦
Webtoffee

Import Export Wordpress Users

<= 1.3.1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html
πŸ”— https://hackpuntes.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection/
πŸ”— https://wpvulndb.com/vulnerabilities/9704
πŸ”— http://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html
πŸ”— https://hackpuntes.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection/
πŸ”— https://wpvulndb.com/vulnerabilities/9704

Related Vulnerabilities

CVE-2020-120748.8

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative...

CVE-2020-222778.0

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

CVE-2021-247525.7

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could ...

CVE-2021-243712.7

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL ...