CVE-2023-6583: 
WordPress vulnerability analysis and mitigation

The Import and export users and customers plugin for WordPress (CVE-2023-6583) is vulnerable to Directory Traversal in versions up to and including 1.24.2. This vulnerability was discovered in the Recurring Import functionality and was disclosed on January 11, 2024 (NVD).

The vulnerability exists in the Recurring Import functionality of the plugin, allowing authenticated attackers with administrator privileges to perform directory traversal attacks. The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) by NVD with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while Wordfence assigned a score of 6.6 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows authenticated attackers with administrator access to read and delete the contents of arbitrary files on the server, including sensitive files such as wp-config.php which may contain critical configuration information and credentials (NVD).

A patch has been released to address this vulnerability. Users should update the Import and export users and customers plugin to a version newer than 1.24.2 (Wordpress Patch).