Import Export WordPress Users

WebToffee

Developer

2.6.8

Latest version

60,000

Installations

Nov 7, 2025

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Vulnerability history

0 present

10 fixed

4 Mitigation rules

Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function vulnerability
<= 2.6.2
Mar 24, 2025
Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability
<= 2.6.2
Mar 24, 2025
Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function vulnerability
<= 2.6.2
Mar 24, 2025
Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability
<= 2.6.2
Mar 24, 2025
Deserialization of untrusted data vulnerability
<= 2.5.3
Apr 22, 2024
Path Traversal vulnerability
<= 2.5.2
Mar 28, 2024
Authenticated (Shop Manager+) Arbitrary File Upload vulnerability
<= 2.4.8
Dec 13, 2023
Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change vulnerability
<= 2.4.1
Jul 18, 2023
Arbitrary User Creation vulnerability
<= 1.3.8
Mar 11, 2020
CSV Injection vulnerability
<= 1.3.1
Aug 26, 2019