CVE-2026-5335
Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Unknown · Magic Export & Importpublic PoCs found — 1
cve_referencewpscan.com/vulnerability/ed6f00de-bbae-4e89-9d0e-ded0d70e781c/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →