Export and Import Users and Customers Security & Risk Analysis

wordpress.org/plugins/users-customers-import-export-for-wp-woocommerce

Import and export WordPress users and WooCommerce customers using CSV. Migrate to your new site without any data loss.

60K active installs · v2.7.2 · PHP 5.6+ · WP 3.0.1+ · Updated Mar 10, 2026
Tags: export-customers, export-users-to-csv, import-customers, import-users-from-csv, import-export
Score: 95 (A · Safe)
CVEs total: 9
Unpatched: 0
Last CVE: Mar 21, 2025
Safety Verdict

Is Export and Import Users and Customers Safe to Use in 2026?

Generally Safe

Score 95/100

Export and Import Users and Customers has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Mar 21, 2025 · Updated 24d ago
Risk Assessment

The plugin "users-customers-import-export-for-wp-woocommerce" v2.7.2 exhibits a mixed security posture. It follows good practice by using prepared statements for a high percentage of its SQL queries (89%) and properly escaping the vast majority of its outputs (93%), but several concerning areas remain. The attack surface is significant: of 15 AJAX handlers, 7 lack authentication checks, which presents a notable risk. Combined with a high severity taint flow found during analysis, this suggests potential vulnerabilities where unauthenticated or improperly authenticated user input could be manipulated for malicious purposes.

The plugin's vulnerability history is particularly alarming, with 9 known CVEs, all of which are currently patched. The common types of past vulnerabilities, including Path Traversal, SSRF, and Deserialization, indicate a recurring pattern of exploitable weaknesses that requires careful attention. The fact that all past vulnerabilities are patched is a positive sign, but the sheer volume and nature of past issues, coupled with the current untrusted taint flow, warrant a cautious approach.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flow
  • Bundled library (Select2) potentially outdated
  • Multiple past high severity vulnerabilities
  • Multiple past medium/low severity vulnerabilities
Export and Import Users and Customers Security Vulnerabilities

CVEs by Year

  • 2018: 1 CVE
  • 2023: 2 CVEs
  • 2024: 2 CVEs
  • 2025: 4 CVEs

Severity Breakdown

  • High: 6
  • Medium: 1
  • Low: 2

9 total CVEs

CVE-2025-1973 · medium · 4.9 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

Mar 21, 2025 Patched in 2.6.3 (1d)
CVE-2025-1972 · low · 2.7 · External Control of File Name or Path

Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function

Mar 21, 2025 Patched in 2.6.3 (1d)
CVE-2025-1971 · high · 7.2 · Deserialization of Untrusted Data

Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter

Mar 21, 2025 Patched in 2.6.3 (1d)
CVE-2025-1970 · high · 7.6 · Server-Side Request Forgery (SSRF)

Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

Mar 21, 2025 Patched in 2.6.3 (1d)
CVE-2024-32835 · high · 7.2 · Deserialization of Untrusted Data

Export and Import Users and Customers <= 2.5.3 - Authenticated (Admin+) PHP Object Injection

Apr 22, 2024 Patched in 2.5.4 (317d)
CVE-2024-30492 · low · 2.7 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Import Export WordPress Users <= 2.5.2 - Authenticated (Shop Manager+) Path Traversal

Mar 28, 2024 Patched in 2.5.3 (7d)
CVE-2023-6558 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Export and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File Upload

Dec 12, 2023 Patched in 2.4.9 (42d)
CVE-2023-3459 · high · 7.2 · Incorrect Authorization

Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change

Jul 14, 2023 Patched in 2.4.2 (193d)
CVE-2019-15092 · high · 7.3 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Import Export WordPress Users and WooCommerce Customers <= 1.3.1 - CSV Injection

Aug 22, 2018 Patched in 1.3.2 (1980d)
Code Analysis
Analyzed Mar 16, 2026

Export and Import Users and Customers Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (50 prepared)
  • Unescaped Output: 77 (969 escaped)
  • Nonce Checks: 13
  • Capability Checks: 6
  • File Operations: 26
  • External Requests: 3
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

89% prepared · 56 total queries

Output Escaping

93% escaped · 1046 total outputs

Data Flow Analysis

13 flows · 7 with unsanitized paths

download_file (admin\modules\export\export.php:833)
Export and Import Users and Customers Attack Surface

Entry Points: 15
Unprotected: 7

AJAX Handlers: 15

auth · wp_ajax_wbte_ema_banner_analytics_page_dismiss · admin\banner\class-wbte-ema-banner.php:47
auth · wp_ajax_wbte_sc_hide_promotion_banner · admin\banner\class-wt-bfcm-twenty-twenty-five.php:91
auth · wp_ajax_wt_uiew_top_header_loaded · admin\class-wt-import-export-for-woo-admin.php:84
auth · wp_ajax_wt_dismiss_product_ie_cta_banner · admin\cross-promotion-banners\class-wt-p-iew-cta-banner.php:40
auth · wp_ajax_wt_dismiss_invoice_cta_banner · admin\cross-promotion-banners\class-wt-pklist-cta-banner.php:40
auth · wp_ajax_wt_dismiss_smart_coupon_cta_banner · admin\cross-promotion-banners\class-wt-smart-coupon-cta-banner.php:39
auth · wp_ajax_iew_export_ajax_basic · admin\modules\export\export.php:110
auth · wp_ajax_iew_history_ajax_basic · admin\modules\history\history.php:61
auth · wp_ajax_iew_import_ajax_basic · admin\modules\import\import.php:104
auth · wp_ajax_wt_iew_request_a_feature · admin\modules\request_feature\request_feature.php:27
auth · wp_ajax_wt_iew_save_settings_basic · includes\class-wt-import-export-for-woo.php:219
auth · wp_ajax_wt_iew_delete_template · includes\class-wt-import-export-for-woo.php:220
auth · wp_ajax_wt_iew_ajax_user_search · includes\class-wt-import-export-for-woo.php:221
auth · wp_ajax_userimport_submit_uninstall_reason · includes\class-wt-userimport-uninstall-feedback.php:11
auth · wp_ajax_wt_iew_dismiss_wc_pages_banner · user_import_export_review_request.php:112

WordPress Hooks: 70

action · admin_enqueue_scripts · admin\banner\class-wbte-ema-banner.php:45
action · admin_footer · admin\banner\class-wbte-ema-banner.php:46
action · admin_init · admin\banner\class-wbte-ema-banner.php:182
action · admin_enqueue_scripts · admin\banner\class-wt-bfcm-twenty-twenty-five.php:80
action · admin_notices · admin\banner\class-wt-bfcm-twenty-twenty-five.php:83
action · admin_head-edit.php · admin\banner\class-wt-bfcm-twenty-twenty-five.php:88
action · admin_print_scripts · admin\class-wt-import-export-for-woo-admin.php:86
action · admin_enqueue_scripts · admin\cross-promotion-banners\class-wt-p-iew-cta-banner.php:38
action · add_meta_boxes · admin\cross-promotion-banners\class-wt-p-iew-cta-banner.php:39
action · admin_enqueue_scripts · admin\cross-promotion-banners\class-wt-pklist-cta-banner.php:38
action · add_meta_boxes · admin\cross-promotion-banners\class-wt-pklist-cta-banner.php:39
action · admin_enqueue_scripts · admin\cross-promotion-banners\class-wt-smart-coupon-cta-banner.php:37
action · add_meta_boxes · admin\cross-promotion-banners\class-wt-smart-coupon-cta-banner.php:38
filter · wt_iew_advanced_setting_fields_basic · admin\modules\export\export.php:104
filter · wt_iew_admin_menu_basic · admin\modules\export\export.php:113
action · admin_init · admin\modules\export\export.php:116
filter · wt_iew_admin_menu_basic · admin\modules\history\history.php:55
filter · wt_iew_advanced_setting_fields_basic · admin\modules\history\history.php:58
action · wt_iew_after_advanced_setting_update_basic · admin\modules\history\history.php:64
action · admin_init · admin\modules\history\history.php:67
filter · wt_iew_advanced_setting_fields_basic · admin\modules\import\import.php:98
filter · wt_iew_admin_menu_basic · admin\modules\import\import.php:107
action · admin_enqueue_scripts · admin\modules\request_feature\request_feature.php:24
action · wt_iew_plugin_settings_after_wrap · admin\modules\request_feature\request_feature.php:25
action · admin_footer · admin\modules\request_feature\request_feature.php:26
filter · send_password_change_email · admin\modules\user\import\import.php:593
filter · wt_iew_exporter_post_types_basic · admin\modules\user\user.php:44
filter · wt_iew_importer_post_types_basic · admin\modules\user\user.php:45
filter · wt_iew_exporter_alter_filter_fields_basic · admin\modules\user\user.php:47
filter · wt_iew_exporter_alter_mapping_fields_basic · admin\modules\user\user.php:49
filter · wt_iew_importer_alter_mapping_fields_basic · admin\modules\user\user.php:50
filter · wt_iew_exporter_alter_advanced_fields_basic · admin\modules\user\user.php:52
filter · wt_iew_importer_alter_advanced_fields_basic · admin\modules\user\user.php:53
filter · wt_iew_exporter_alter_meta_mapping_fields_basic · admin\modules\user\user.php:55
filter · wt_iew_exporter_alter_mapping_enabled_fields_basic · admin\modules\user\user.php:57
filter · wt_iew_importer_alter_mapping_enabled_fields_basic · admin\modules\user\user.php:58
filter · wt_iew_exporter_do_export_basic · admin\modules\user\user.php:60
filter · wt_iew_importer_do_import_basic · admin\modules\user\user.php:61
filter · wt_iew_importer_steps_basic · admin\modules\user\user.php:63
action · admin_footer · admin\modules\user\user.php:65
action · load-users.php · admin\modules\user\user.php:66
filter · wp_kses_allowed_html · admin\wt-ds\class-wbte-ds.php:115
action · admin_enqueue_scripts · admin\wt-ds\class-wbte-ds.php:118
action · admin_notices · helpers\class-wt-common-helper.php:74
action · init · includes\class-wt-import-export-for-woo.php:205
action · admin_menu · includes\class-wt-import-export-for-woo.php:229
action · admin_enqueue_scripts · includes\class-wt-import-export-for-woo.php:232
action · admin_enqueue_scripts · includes\class-wt-import-export-for-woo.php:233
action · export_filters · includes\class-wt-import-export-for-woo.php:235
filter · wt_bfcm_banner_screens · includes\class-wt-import-export-for-woo.php:242
action · wp_enqueue_scripts · includes\class-wt-import-export-for-woo.php:256
action · wp_enqueue_scripts · includes\class-wt-import-export-for-woo.php:257
action · admin_notices · includes\class-wt-non-apache-info.php:31
action · admin_print_footer_scripts · includes\class-wt-non-apache-info.php:32
action · admin_footer · includes\class-wt-userimport-uninstall-feedback.php:10
action · init · users-customers-import-export-for-wp-woocommerce.php:123
action · admin_print_footer_scripts · users-customers-import-export-for-wp-woocommerce.php:155
action · in_plugin_update_message-users-customers-import-export-for-wp-woocommerce/users-customers-import-export-for-wp-woocommerce.php · users-customers-import-export-for-wp-woocommerce.php:166
action · wt_user_addon_basic_help_content · users-customers-import-export-for-wp-woocommerce.php:195
action · wt_user_addon_basic_gopro_content · users-customers-import-export-for-wp-woocommerce.php:213
filter · manage_users_extra_tablenav · users-customers-import-export-for-wp-woocommerce.php:254
action · admin_head · users-customers-import-export-for-wp-woocommerce.php:259
action · before_woocommerce_init · users-customers-import-export-for-wp-woocommerce.php:270
action · admin_init · users-customers-import-export-for-wp-woocommerce.php:349
action · admin_notices · user_import_export_review_request.php:70
action · init · user_import_export_review_request.php:88
action · admin_notices · user_import_export_review_request.php:105
action · admin_print_footer_scripts · user_import_export_review_request.php:106
action · admin_notices · user_import_export_review_request.php:111
action · admin_init · user_import_export_welcome-script.php:7

Export and Import Users and Customers Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 10, 2026
  • PHP min version: 5.6
  • Downloads: 3.0M

Community Trust

  • Rating: 96/100
  • Number of ratings: 437
  • Active installs: 60K

Export and Import Users and Customers Developer Profile

WebToffee

17 plugins · 377K total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 155 days

Detection Fingerprints

How We Detect Export and Import Users and Customers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/css/admin.css
  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/css/custom-style.css
  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/js/admin.js
  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/js/custom-script.js
  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/js/import-export-users.js

Script Paths

  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/js/admin.js
  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/js/custom-script.js
  • /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/assets/js/import-export-users.js

Version Parameters

  • users-customers-import-export-for-wp-woocommerce/assets/css/admin.css?ver=
  • users-customers-import-export-for-wp-woocommerce/assets/css/custom-style.css?ver=
  • users-customers-import-export-for-wp-woocommerce/assets/js/admin.js?ver=
  • users-customers-import-export-for-wp-woocommerce/assets/js/custom-script.js?ver=
  • users-customers-import-export-for-wp-woocommerce/assets/js/import-export-users.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wt-user-import-export-wrap
  • wt_user_import_export_main_div
  • wt_import_export_form
  • wt_import_export_row
  • wt_import_export_col
  • wt_import_export_header

Data Attributes

  • data-import-export-nonce
  • data-upload-nonce

JS Globals

  • wt_import_export_obj