Lucene search
K

62 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.5 views

CVE-2024-6477

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

7.5CVSS6.5AI score0.00575EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.5 views

CVE-2023-6505

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...

7.5CVSS6.7AI score0.39867EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.14 views

CVE-2023-6592

The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...

5.3CVSS6.7AI score0.00913EPSS
Exploits1
OSV
OSV
added 2024/11/07 4:14 p.m.47 views

GHSA-4HXW-GC2Q-F6F3 Filament has exported files stored in default (`public`) filesystem if not reconfigured

All Filament features that interact with storage use the defaultfilesystemdisk config option. This allows the user to easily swap their storage driver to something production-ready like s3 when deploying their app, without having to touch multiple configuration options and potentially forgetting...

2.4CVSS5.4AI score0.00537EPSS
Exploits0References6
OSV
OSV
added 2024/01/16 4:15 p.m.3 views

CVE-2023-6592

The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...

5.3CVSS7.3AI score0.00913EPSS
Exploits1References2
NVD
NVD
added 2024/01/16 4:15 p.m.31 views

CVE-2023-6592

The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...

5.3CVSS5.3AI score0.00913EPSS
Exploits1References2
Prion
Prion
added 2024/01/16 4:15 p.m.27 views

Design/Logic Flaw

The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files...

5CVSS6.9AI score0.00913EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.11 views

PT-2024-15017

Name of the Vulnerable Software and Affected Versions FastDup WordPress plugin versions prior to 2.2 Description The issue concerns the FastDup WordPress plugin, which does not prevent directory listing in sensitive directories containing export files. This could potentially expose sensitive...

5.3CVSS6.7AI score0.00913EPSS
Exploits1References9
NVD
NVD
added 2024/01/08 7:15 p.m.22 views

CVE-2023-6505

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...

7.5CVSS7.5AI score0.39867EPSS
Exploits1References1
OSV
OSV
added 2024/01/08 7:15 p.m.4 views

CVE-2023-6505

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...

7.5CVSS5.8AI score0.39867EPSS
Exploits1References1
Prion
Prion
added 2024/01/08 7:15 p.m.13 views

Design/Logic Flaw

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files...

5CVSS6.9AI score0.39867EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.4 views

PT-2024-14982 · WordPress · Migrate Wordpress Website & Backups

Name of the Vulnerable Software and Affected Versions: Migrate WordPress Website & Backups WordPress plugin versions prior to 1.9.3 Description: The issue concerns the Migrate WordPress Website & Backups WordPress plugin, which does not prevent directory listing in sensitive directories containin...

7.5CVSS7.4AI score0.39867EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.4 views

SUSE CVE-2016-9855

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

5.3CVSS6.8AI score0.02497EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.6 views

SUSE CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

5.3CVSS6.8AI score0.02542EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.5 views

WordPress plugin Advanced Order Export For WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5CVSS6.3AI score0.00313EPSS
Exploits0References3
OSV
OSV
added 2022/10/25 9:15 p.m.3 views

CVE-2022-33180

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”...

5.5CVSS7.1AI score0.00212EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 4:58 a.m.30 views

phpMyAdmin Remote Code Execution

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

4.6CVSS7.6AI score0.08753EPSS
Exploits7References9Affected Software1
Cvelist
Cvelist
added 2021/05/26 7:20 p.m.32 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

6.8AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2021/05/06 1:15 p.m.11 views

CVE-2021-24249

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as...

6.5CVSS0.00708EPSS
Exploits2References1
NVD
NVD
added 2021/03/18 3:15 p.m.40 views

CVE-2021-24146

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example...

7.5CVSS0.31043EPSS
Exploits5References2
Rows per page
Query Builder