CVE-2026-5335

Summary

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.

Affected Software

VendorProductVersion RangeStatus
UnknownMagic Export & Import0 < 1.2.0affected

Weaknesses

  • CWE-200 Information Exposure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References