10 matches found
CVE-2018-25325
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...
CVE-2018-25325 Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...
WooCommerce Path Traversal Vulnerability
WooCommerce is an open-source e-commerce platform built on WordPress by WooCommerce Inc. Version 3.3.6 of WooCommerce has a path traversal vulnerability. This vulnerability allows any registered user to submit unescaped file names through the deleteexportfile AJAX operation, potentially leading t...
PT-2026-41551
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete export file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename...
WordPress plugin Houzez Property Feed Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-6432 · WordPress · Houzez Property Feed
Name of the Vulnerable Software and Affected Versions: Houzez Property Feed plugin for WordPress versions up to, and including, 2.4.21 Description: The issue is due to missing or incorrect nonce validation on the deleteexport action, making it possible for unauthenticated attackers to delete...
CVE-2021-4409
The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpfdeletefeed function. This makes it possible for unauthenticated attackers to delete an export...
Cross site request forgery (csrf)
The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpfdeletefeed function. This makes it possible for unauthenticated attackers to delete an export...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description An attacker can delete any Exports for any user with a CSRF vulnerability when the Admin or SuperAdmin or an authorized user clicks on the PoC.html file; it is enough for the attacker to know the Export's names on the server. I convert the...