CVE-2025-1970

High CVSS: 7.6

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Vendor

Webtoffee

Product

Import Export Wordpress Users

CWE

CWE-918

Yayın Tarihi

2025-03-22 12:15:25

Güncelleme

2025-07-09 17:57:31

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-918 Import Export Wordpress Users HIGH Webtoffee 2025

Referanslar

https://plugins.trac.wordpress.org/browser/users-customers-import-export-for-wp-woocommerce/trunk/admin/modules/import/classes/class-import-ajax.php#L175 https://plugins.trac.wordpress.org/changeset/3259688/ https://wordpress.org/plugins/users-customers-import-export-for-wp-woocommerce/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/5a4d7d40-8e0e-4251-8e25-3fd4ebd3a93e?source=cve

Benzer Kayıtlar

Medium

CVE-2024-8286

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which co…

Medium

CVE-2024-8397

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers whe…

Medium

CVE-2025-1769

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Direct…

Low

CVE-2025-1911

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitr…

High

CVE-2025-1912

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server…

High

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Ob…