CVE-2025-24689

MEDIUM

Import and export users and customers <= 1.27.12 - Sensitive Data Exposure via Externally-Accessible File

Title source: llm

Description

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Retrieve Embedded Sensitive Data.This issue affects Import and export users and customers: from n/a through <= 1.27.12.

References (2)

Core 2

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/Wordpress/Plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve

Third Party Advisory

https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve

Scores

CVSS v3 5.9

EPSS 0.0029

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-538

Status published

Products (2)

codection/Import and export users and customers < 1.27.12

Javier Carazo/Import and export users and customers < 1.27.12

Published Jan 27, 2025

Tracked Since Feb 18, 2026