CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-15092

HIGH
7.3
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile38.33th
Published2019年8月23日
Last Modified2024年11月21日

Vulnerability Description

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

Affected Platforms (CPE)

📦
Webtoffee

Import Export Wordpress Users

<= 1.3.1

References & Advisories

🔗 http://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html
🔗 https://hackpuntes.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection/
🔗 https://wpvulndb.com/vulnerabilities/9704
🔗 http://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html
🔗 https://hackpuntes.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection/
🔗 https://wpvulndb.com/vulnerabilities/9704

相關漏洞威脅

CVE-2020-120748.8

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative...

CVE-2020-222778.0

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

CVE-2021-247525.7

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could ...

CVE-2021-243712.7

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL ...

CVE-2019-15092 Detail & Impact Analysis | CVSS 7.3 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space