400 matches found

Vulnrichment
added 2024/09/07 11:17 a.m. · 5 views

CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

6.6 CVSS · 7.7 AI score · 0.08929 EPSS
Exploits 0 · References 2

CVE
added 2024/09/07 11:17 a.m. · 55 views

CVE-2024-7620

The CVE-2024-7620 entry concerns the WordPress plugin Customizer Export/Import (

6.6 CVSS · 7.1 AI score · 0.08929 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/09/07 11:17 a.m. · 18 views

CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

6.6 CVSS · 0.08929 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/09/07 12:0 a.m. · 2 views

PT-2024-38457 · WordPress · Customizer Export/Import

Name of the Vulnerable Software and Affected Versions: Customizer Export/Import plugin for WordPress versions up to, and including, 0.9.7
Description: The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import...

6.6 CVSS · 7.4 AI score · 0.08929 EPSS
Exploits 0 · References 9

CNNVD
added 2024/09/07 12:0 a.m. · 2 views

WordPress plugin Customizer Export/Import code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

6.6 CVSS · 7 AI score · 0.08929 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/07/11 3:33 a.m. · 14 views

CVE-2024-6554 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due to the plugin utilizing composer without preventing direct access to the files. This makes it possible for...

5.3 CVSS · 6.6 AI score · 0.00563 EPSS
Exploits 0 · References 3

CVE
added 2024/06/25 6:57 a.m. · 43 views

CVE-2024-3249

CVE-2024-3249: The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks on import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings in all versions up to 1.6.2. Authenticated a...

4.3 CVSS · 4.7 AI score · 0.00209 EPSS
Exploits 0 · References 3

Cvelist
added 2024/06/25 6:57 a.m. · 25 views

CVE-2024-3249 Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This...

4.3 CVSS · 0.00209 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/04/24 7:56 a.m. · 16 views

CVE-2024-32781 WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce. This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0...

7.5 CVSS · 6.9 AI score · 0.00348 EPSS
Exploits 0 · References 1

CVE
added 2024/04/24 7:56 a.m. · 66 views

CVE-2024-32781

Technical details about CVE-2024-32781 (affected product, root cause, impact, or fix) are not provided in the supplied documents. Monitor for updates from vulnerability trackers and vendor advisories.

7.5 CVSS · 5.2 AI score · 0.00348 EPSS
Exploits 0 · References 1

Cvelist
added 2024/04/24 7:56 a.m. · 13 views

CVE-2024-32781 WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce. This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0...

7.5 CVSS · 7.7 AI score · 0.00348 EPSS
Exploits 0 · References 1

CNNVD
added 2024/04/24 12:0 a.m. · 2 views

WordPress plugin Email Customizer for WooCommerce information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

7.5 CVSS · 6.3 AI score · 0.00348 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/04/24 12:0 a.m. · 3 views

PT-2024-24853 · Woocommerce · Email Customizer For Woocommerce

Name of the Vulnerable Software and Affected Versions: Email Customizer for WooCommerce versions n/a through 2.6.0
Description: The issue is related to Exposure of Sensitive Information to an Unauthorized Actor, affecting Email Customizer for WooCommerce.
Recommendations: For versions n/a through...

7.5 CVSS · 6.8 AI score · 0.00348 EPSS
Exploits 0 · References 3

Patchstack
added 2024/04/22 1:21 p.m. · 3 views

WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Emili Castells (Patchstack Alliance) in WordPress Plugin Email Customizer for WooCommerce versions <= 2.6.0...

7.5 CVSS · 7 AI score · 0.00348 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2024/04/22 12:0 a.m. · 6 views

WordPress Email Customizer for WooCommerce Plugin <= 2.6.0 is vulnerable to Sensitive Data Exposure

Software: Email Customizer for WooCommerce · Type: Plugin · Vulnerable versions: <= 2.6.0 · Fixed in: 2.6.1 · OWASP Top 10: A3: Sensitive Data Exposure · Classification: Sensitive Data Exposure · CVE: CVE-2024-32781 · Patch priority: High · CVSS severity: High (7.5) · Developer: Claim ownership · PSID: bb85c76645da · Credits: Emili...

7.5 CVSS · 6.5 AI score · 0.00348 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/03/06 11:12 a.m. · 26 views

BIT-WORDPRESS-2020-11025 Authenticated cross-site scripting (XSS) in WordPress Customizer

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a min...

5.8 CVSS · 5.2 AI score · 0.01427 EPSS
Exploits 0 · References 4

OSV
added 2024/03/06 11:12 a.m. · 24 views

BIT-WORDPRESS-MULTISITE-2020-11025 Authenticated cross-site scripting (XSS) in WordPress Customizer

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a min...

5.8 CVSS · 5.2 AI score · 0.01427 EPSS
Exploits 0 · References 4

Prion
added 2024/02/28 7:15 a.m. · 27 views

Cross-site request forgery (CSRF)

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the theme's settings via ...

4.3 CVSS · 4.3 AI score · 0.00096 EPSS
Exploits 0 · References 2

NVD
added 2024/02/27 6:15 a.m. · 14 views

CVE-2024-1687

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...

5.4 CVSS · 5.7 AI score · 0.00275 EPSS
Exploits 0 · References 2

OSV
added 2024/02/27 6:15 a.m. · 1 views

CVE-2024-1686

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 1.1.2 via the applylayout function due to a missing capability check. This makes it possible for authenticated attackers, with...

6.5 CVSS · 7.4 AI score · 0.00334 EPSS
Exploits 0 · References 2