CVE-2026-5335

UNKNOWN 0.0

Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.

Vendor	unknown
Product	magic export & import
Published	May 4, 2026

Stay Ahead of the Next One

Get instant alerts for unknown magic export & import

Be the first to know when new unknown vulnerabilities affecting unknown magic export & import are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Magic Export & Import

0 < 1.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/ed6f00de-bbae-4e89-9d0e-ded0d70e781c/

Credits

Hoang Phuong WPScan