
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3
Critical: 0
High: 2
Medium: 1
Showing 1-3 of 3 records
Threat Entry Updated 2025-07-10

CVE-2024-7620 - Customizer Export Import Plugin

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: This vulnerability is only exploitable when used in conjunction with a race condition as the uploaded file is deleted shortly after it is created.

PLUGIN Customizer Export Import

CVE-2024-7620

MEDIUM CVSS 6.6 2024-09-07
Threat Entry Updated 2025-02-04

CVE-2023-1347 - Customizer Export Import Plugin

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

PLUGIN Customizer Export Import

CVE-2023-1347

HIGH CVSS 7.2 2023-05-08
Threat Entry Updated 2025-05-06

CVE-2022-3380 - Customizer Export Import Plugin

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

PLUGIN Customizer Export Import

CVE-2022-3380

HIGH CVSS 7.2 2022-10-31