Search criteria
4 vulnerabilities found for Import and export users and customers by Unknown
CVE-2022-3558 (GCVE-0-2022-3558)
Vulnerability from cvelistv5 – Published: 2022-11-07 00:00 – Updated: 2025-05-01 19:23
VLAI?
Title
Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
Summary
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
Severity ?
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Import and export users and customers |
Affected:
1.20.5 , < 1.20.5
(custom)
|
Credits
Adel Bouaricha
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:22:44.030339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:23:08.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Import and export users and customers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.20.5",
"status": "affected",
"version": "1.20.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Adel Bouaricha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import and export users and customers \u003c 1.20.5 - Subscriber+ CSV Injection",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3558",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:23:08.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1255 (GCVE-0-2022-1255)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Title
Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting
Summary
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Import and export users and customers |
Affected:
1.19.2.1 , < 1.19.2.1
(custom)
|
Credits
0x23.so
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Import and export users and customers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.19.2.1",
"status": "affected",
"version": "1.19.2.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0x23.so"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:52",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1255",
"STATE": "PUBLIC",
"TITLE": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Import and export users and customers",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.19.2.1",
"version_value": "1.19.2.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0x23.so"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1255",
"datePublished": "2022-05-02T16:05:52",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3558 (GCVE-0-2022-3558)
Vulnerability from nvd – Published: 2022-11-07 00:00 – Updated: 2025-05-01 19:23
VLAI?
Title
Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
Summary
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
Severity ?
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Import and export users and customers |
Affected:
1.20.5 , < 1.20.5
(custom)
|
Credits
Adel Bouaricha
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:22:44.030339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:23:08.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Import and export users and customers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.20.5",
"status": "affected",
"version": "1.20.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Adel Bouaricha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta\u0026old=2785785%40import-users-from-csv-with-meta"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import and export users and customers \u003c 1.20.5 - Subscriber+ CSV Injection",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3558",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:23:08.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1255 (GCVE-0-2022-1255)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Title
Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting
Summary
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Import and export users and customers |
Affected:
1.19.2.1 , < 1.19.2.1
(custom)
|
Credits
0x23.so
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Import and export users and customers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.19.2.1",
"status": "affected",
"version": "1.19.2.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0x23.so"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:52",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1255",
"STATE": "PUBLIC",
"TITLE": "Import and export users and customers \u003c 1.19.2.1 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Import and export users and customers",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.19.2.1",
"version_value": "1.19.2.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0x23.so"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1255",
"datePublished": "2022-05-02T16:05:52",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}