A vulnerability was found in Comments Import & Export Plugin up to 2.4.3/2.4.4 on WordPress. It has been declared as problematic. This vulnerability affects the function
save_settings
of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-3919. The attack can be initiated remotely. There is no exploit available.