CVE-2022-3244

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

Design/Logic Flaw

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

WordPress Plugin Import all XML, CSV & TXT 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Import all XML, CSV & TXT ...

CVE-2022-3244

CVE-2022-3244 pertains to the WordPress plugin “Import all XML, CSV & TXT”. Affected versions are prior to 6.5.8, with a lack of authorization in certain areas that could allow any authenticated user to access some plugin features if they obtain the related nonce. This is a post-authentication is...

CVE-2022-3244 Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

CVE-2022-3244 Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

WordPress Simple File List cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Simple File List versions prior to 4.4.12 are vulnerable to cross-site request forgery, which stems...

CVE-2022-3208

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack...

CVE-2022-3208

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack...

CVE-2022-3208

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack...

Cross site request forgery (csrf)

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack...

CVE-2022-3208 Simple File List < 4.4.13 - Page Creation via CSRF

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack...

A cancelled order can be executed again by the order creator.

Lines of code Vulnerability details Impact A cancelled order can be executed again by the order creator. While validating the signature, it doesn't check any conditions when order.order.trader == msg.sender here so the already cancelled/filled orders can be executed again when the caller increase...

WordPress plugin Simple File List 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Simple File List versions prior to 4.4.12 are vulnerable to cross-site request forgery, which stems...

Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation

The plugin does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

CVE-2022-2912

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF...

CVE-2022-2912

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF...

Server side request forgery (ssrf)

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF...

CVE-2022-2912 Craw Data <= 1.0.0 - Server Side Request Forgery

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF...

CVE-2022-2912 Craw Data <= 1.0.0 - Server Side Request Forgery

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF...