CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12074

HIGH
8.8
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile34.71th
PublishedApr 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.

Affected Platforms (CPE)

📦
Webtoffee

Import Export Wordpress Users

< 1.3.9

References & Advisories

🔗 https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/
🔗 https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/

Related Vulnerabilities

CVE-2020-222778.0

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

CVE-2019-150927.3

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_...

CVE-2021-247525.7

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could ...

CVE-2021-243712.7

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL ...