Comments Import & Export
Approved changes feed: RSS · Atom
cpe:2.3:a:webtoffee:comments_import_&_export:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Webtoffee (e4f96395-4c7d-5ae2-a626-a2bd0042f0d9) |
|---|---|
| Product | Comments Import & Export (118fd2ba-c776-5ffb-9156-27130298922c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-32441 |
vulnerable | 2026-06-03 15:20:43.045799 |
WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability
HIGH (7.7)
Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9.
Published: 2026-03-25T16:14:57.389Z
Updated: 2026-04-29T09:51:59.449Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3919 |
vulnerable | 2026-06-03 15:01:05.940307 |
WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
MEDIUM (6.4)
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
Published: 2025-06-02T22:22:35.834Z
Updated: 2026-04-08T17:34:03.128Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7514 |
vulnerable | 2026-06-03 14:58:06.085528 |
WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal
MEDIUM (6.5)
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9
Published: 2024-10-11T08:30:45.127Z
Updated: 2026-04-08T16:44:54.211Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45370 |
vulnerable | 2026-06-03 14:48:24.067106 |
WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection
MEDIUM (6.1)
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1.
Published: 2023-11-07T16:56:09.718Z
Updated: 2026-04-28T16:07:52.592Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.