CSV Injection Vulnerability in WordPress Users & WooCommerce Customers Import Export Plugin

CVE-2019-15092 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

Learn more about our Wordpress Pen Testing.