Vulnerability Description
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
CVSS Score
8.0
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codection | Import And Export Users And Customers | <= 1.15.5.11 |
Related Weaknesses (CWE)
References
- https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22277.pdfExploitThird Party Advisory
- https://mega.nz/file/bSQnlS4R#UY_ozLkvXgXFKzqtTRKeB9RXGi6aEQF3X6eKXdSiBt0ExploitThird Party Advisory
- https://wordpress.org/plugins/import-users-from-csv-with-meta/#:~:text=Install%2
- https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22277.pdfExploitThird Party Advisory
- https://mega.nz/file/bSQnlS4R#UY_ozLkvXgXFKzqtTRKeB9RXGi6aEQF3X6eKXdSiBt0ExploitThird Party Advisory
- https://wordpress.org/plugins/import-users-from-csv-with-meta/#:~:text=Install%2
FAQ
What is CVE-2020-22277?
CVE-2020-22277 is a vulnerability with a CVSS score of 8.0 (HIGH). Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
How severe is CVE-2020-22277?
CVE-2020-22277 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-22277?
Check the references section above for vendor advisories and patch information. Affected products include: Codection Import And Export Users And Customers.