Primary

Context

Codection WordPress Import and Export Users and Customers Plugin Sensitive Data Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing the retrieval of embedded sensitive data has been identified in the Codection WordPress plugin 'Import and Export Users and Customers', versions prior to 1.27.12. This issue arises from the improper handling of sensitive information, which is inadvertently exposed through files or directories that are accessible externally.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, which could be used to exploit other weaknesses within the system.

Remediation

Users of the affected WordPress plugin should update to version 1.27.13 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

7.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

7.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Codection WordPress Import and Export Users and Customers Plugin Sensitive Data Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Codection Import and export users and customers

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating