Webtoffee Import Export Wordpress Users — known CVE vulnerabilities
Every CVE whose affected-product data names Webtoffee Import Export Wordpress Users, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2020-12074 — CVSS 8.8 (high): The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts…
CVE-2025-1970 — CVSS 7.6 (high): The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and…
CVE-2019-15092 — CVSS 7.3 (high): The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url…
CVE-2023-6558 — CVSS 7.2 (high): The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type…
CVE-2023-3459 — CVSS 7.2 (high): The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
CVE-2025-1971 — CVSS 7.2 (high): The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including…
CVE-2025-1973 — CVSS 4.9 (medium): The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2…
CVE-2025-1972 — CVSS 2.7 (low): The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…