EUVD-2026-34922

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

PT-2026-47065

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowed classes restriction in the IdsToCollection::get ids from string function, which processes...

EUVD-2021-11278

Malware in sbrugna...

PT-2025-16169 · WordPress · Wpc Admin Columns

Name of the Vulnerable Software and Affected Versions: WPC Admin Columns plugin for WordPress versions 2.0.6 through 2.1.0 Description: The issue is related to privilege escalation due to the plugin not properly restricting user meta values that can be updated through the ajax edit save function...

PT-2021-15902 · WordPress · Admin Columns Pro +1

Name of the Vulnerable Software and Affected Versions: Admin Columns WordPress plugin versions prior to 4.3 Admin Columns Pro WordPress plugin versions prior to 5.5.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possib...

Input validation

A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...

CVE-2019-17661

CVE-2019-17661 affects the WordPress plugin codepress-admin-columns (Admin Columns) v3.4.6. A CSV injection vulnerability allows a user with a crafted name (containing a formula) to cause exported CSV data to execute in Excel, potentially enabling remote control of a victim’s machine. The in‑docu...