CVE-2020-12074
HIGHImport Export WordPress Users < 1.3.9 - Unauthenticated Privilege Escalation via CSV Import
Title source: llmDescription
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/
Scores
CVSS v3
8.8
EPSS
0.0173
EPSS Percentile
74.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
webtoffee/import_export_wordpress_users
< 1.3.9
Published
Apr 23, 2020
Tracked Since
Feb 18, 2026