CVE-2025-1970

Published Mar 22, 2025

Last updated 14 days ago

CVSS high 7.6

Overview

Description
The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
7.6
Impact score
4.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-918

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-1970 🔴 HIGH (7.6) 🏢 webtoffee - Export and Import Users and Customers 🏗️ * 🔗 https://t.co/EbhGsT9H4e 🔗 https://t.co/BJeBQwCTDn 🔗 https://t.co/Pux1X9r3SY 🔗 https://t.co/B0TX9ka3tM #CyberCron #VulnAlert #InfoSec https://t.co/gRn9CwBmNi

    @cybercronai

    22 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-1970 Server-Side Request Forgery in WordPress Export and Import Users and Customers Plugin https://t.co/0lqyuSqzlS

    @VulmonFeeds

    22 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. �� CVE-2025-1970 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-22 12:15:25 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/V56SKWlBlC

    @vulns_space

    22 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. New post from https://t.co/uXvPWJy6tj (CVE-2025-1970 | webtoffee Export and Import Users and Customers Plugin up to 2.6.2 on WordPress validate_file server-side request forgery) has been published on https://t.co/JX3FPpyCTd

    @WolfgangSesin

    22 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-1970 The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate… https://t.co/TTrJgLEuAT

    @CVEnew

    22 Mar 2025

    421 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References