CVE-2026-7641 | carazo Import and Export Users and Customers Plugin up to 2.0.8 on WordPress CSV File /wp-admin/profile.php save_extra_user_profile_fields privileges management

A vulnerability has been found in carazo Import and Export Users and Customers Plugin up to 2.0.8 on WordPress and classified as critical. This affects the function save_extra_user_profile_fields of the file /wp-admin/profile.php of the component CSV File Handler. The manipulation leads to improper privilege management.

This vulnerability is uniquely identified as CVE-2026-7641. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More