Vulnerabilities and security researches forcomments-import-export-woocommerce comments-import-export-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2024-31235
Home page URL: Security reports for WordPress Comments Import & Export
Application: WordPress Comments Import & Export
Date: Apr 12, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2018-11526
Home page URL: Security reports for WordPress Comments Import & Export
Application: WordPress Comments Import & Export
Date: Jun 20, 2018
Research Description: The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-45370
Home page URL: Security reports for WordPress Comments Import & Export
Application: WordPress Comments Import & Export
Date: Nov 07, 2023
Research Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1.
Affected versions: Min -, max -.
Status: vulnerable

Oct 11, 2024

CVE, Research URL: CVE-2024-7514
Home page URL: Security reports for WordPress Comments Import & Export
Application: WordPress Comments Import & Export
Date: Oct 11, 2024
Research Description: The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9
Affected versions: Min -, max -.
Status: vulnerable

Jun 14, 2025

CVE, Research URL: CVE-2025-3919
Home page URL: Security reports for WordPress Comments Import & Export
Application: WordPress Comments Import & Export
Date: Jun 03, 2025
Research Description: The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page. The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
Affected versions: Min -, max -.
Status: vulnerable