CVE-2024-34815 MEDIUM

CVE-2024-34815: WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability

Vendor Javier Carazo

Product Import and export users and customers

Weakness CWE-862 · Missing authorization

Published June 11, 2024

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5.

Key dates

02Disclosure timeline

June 11, 2024 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-34815 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-46244 WordPress Advanced Linked Variations for Woocommerce plugin <= 1.0.3 - Broken Access Control Vulnerability CVE-2024-1991 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion CVE-2024-32829 WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability CVE-2024-0617 Category Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount()

Identifiers

CVE CVE-2024-34815

CWE CWE-862

CVSS 5.4 / MEDIUM

Affected versions

Vendor Javier Carazo

Product Import and export users and customers

Affected ≤ 1.26.5