Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-07-09
CVE-2025-1971 - Export And Import Users And Customers Plugin
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional…
PLUGIN
Export And Import Users And Customers
CVE-2025-1971
Risk Score
Threat Entry
Updated 2025-07-09
CVE-2025-1973 - Export And Import Users And Customers Plugin
The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.
PLUGIN
Export And Import Users And Customers
CVE-2025-1973
Risk Score
Threat Entry
Updated 2025-07-09
CVE-2025-1972 - Export And Import Users And Customers Plugin
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.
PLUGIN
Export And Import Users And Customers
CVE-2025-1972
Risk Score
Threat Entry
Updated 2025-07-09
CVE-2025-1970 - Export And Import Users And Customers Plugin
The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
PLUGIN
Export And Import Users And Customers
CVE-2025-1970
Risk Score
Threat Entry
Updated 2025-06-03
CVE-2023-6558 - Export And Import Users And Customers Plugin
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
PLUGIN
Export And Import Users And Customers
CVE-2023-6558
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-3459 - Export And Import Users And Customers Plugin
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.
PLUGIN
Export And Import Users And Customers
CVE-2023-3459
Risk Score