Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Import and export users and customers by Unknown

    CVE-2022-3558 (GCVE-0-2022-3558)

    Vulnerability from nvd – Published: 2022-11-07 00:00 – Updated: 2025-05-01 19:23
    VLAI
    Title
    Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
    Summary
    The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    Impacted products
    Vendor Product Version
    Unknown Import and export users and customers Affected: 1.20.5 , < 1.20.5 (custom)
    Create a notification for this product.
    Credits
    Adel Bouaricha
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:01.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3558",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:22:44.030339Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:23:08.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Import and export users and customers",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.20.5",
                  "status": "affected",
                  "version": "1.20.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Adel Bouaricha"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Import and export users and customers \u003c 1.20.5 - Subscriber+ CSV Injection",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3558",
        "datePublished": "2022-11-07T00:00:00.000Z",
        "dateReserved": "2022-10-17T00:00:00.000Z",
        "dateUpdated": "2025-05-01T19:23:08.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1255 (GCVE-0-2022-1255)

    Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting
    Summary
    The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Import and export users and customers Affected: 1.19.2.1 , < 1.19.2.1 (custom)
    Create a notification for this product.
    Credits
    0x23.so
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Import and export users and customers",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.19.2.1",
                  "status": "affected",
                  "version": "1.19.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "0x23.so"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T16:05:52.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1255",
              "STATE": "PUBLIC",
              "TITLE": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Import and export users and customers",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.19.2.1",
                                "version_value": "1.19.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "0x23.so"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1255",
        "datePublished": "2022-05-02T16:05:52.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3558 (GCVE-0-2022-3558)

    Vulnerability from cvelistv5 – Published: 2022-11-07 00:00 – Updated: 2025-05-01 19:23
    VLAI
    Title
    Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
    Summary
    The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    Impacted products
    Vendor Product Version
    Unknown Import and export users and customers Affected: 1.20.5 , < 1.20.5 (custom)
    Create a notification for this product.
    Credits
    Adel Bouaricha
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:01.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3558",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T19:22:44.030339Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T19:23:08.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Import and export users and customers",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.20.5",
                  "status": "affected",
                  "version": "1.20.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Adel Bouaricha"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Import and export users and customers \u003c 1.20.5 - Subscriber+ CSV Injection",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3558",
        "datePublished": "2022-11-07T00:00:00.000Z",
        "dateReserved": "2022-10-17T00:00:00.000Z",
        "dateUpdated": "2025-05-01T19:23:08.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1255 (GCVE-0-2022-1255)

    Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting
    Summary
    The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Import and export users and customers Affected: 1.19.2.1 , < 1.19.2.1 (custom)
    Create a notification for this product.
    Credits
    0x23.so
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Import and export users and customers",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.19.2.1",
                  "status": "affected",
                  "version": "1.19.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "0x23.so"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T16:05:52.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1255",
              "STATE": "PUBLIC",
              "TITLE": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Import and export users and customers",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.19.2.1",
                                "version_value": "1.19.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "0x23.so"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1255",
        "datePublished": "2022-05-02T16:05:52.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }