CVE-2023-6583 MEDIUM

CVE-2023-6583: Import and export users and customers <= 1.24.2 - Authenticated(Administrator+) Directory Traversal via Recurring Import Functionality

Vendor Carazo

Product Import and export users and customers

Weakness CWE-98 · PHP file inclusion

Published January 11, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

6.6/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.

Key dates

02Disclosure timeline

January 11, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6583

Related vulnerabilities

CVE-2023-6583: Import and export users and customers <= 1.24.2 - Authenticated(Administrator+) Directory Traversal via Recurring Import Functionality

01Description

02Disclosure timeline

03References

04Related CVE