58 matches found
CVE-2026-7467 Read More & Accordion <= 3.5.7 - Privilege Escalation via importData
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...
PT-2026-42073
Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The plugin is subject to privilege escalation because the RadMoreAjax::importData function fails to restrict which database tables can be written to during import and does not properly...
CVE-2026-3550
CVE-2026-3550 – RockPress (WordPress) vulnerability : RockPress
CVE-2026-3550 RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...
PT-2026-26591
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpress import, rockpress import status, rockpress last import, rockpress reset import, and rockpress check...
CVE-2026-2954
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...
CVE-2026-2954 Dromara UJCMS ImportDataController import-channel importChanel injection
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...
CVE-2026-2954 Dromara UJCMS ImportDataController import-channel importChanel injection
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...
CVE-2026-2954
Dromara UJCMS 10.0.2 is affected in the ImportDataController.importChanel (file /api/backend/ext/import-data/import-channel). The root cause is injection via manipulation of the arguments driverClassName and url, enabling remote exploitation. Public exploit details exist. Red Hat and PT-Security ...
CVE-2026-2954
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...
PT-2026-21455
Name of the Vulnerable Software and Affected Versions Dromara UJCMS version 10.0.2 Description A flaw exists in Dromara UJCMS version 10.0.2 within the ImportDataController component. Specifically, the importChanel function, located in the file /api/backend/ext/import-data/import-channel, is...
CVE-2025-62088
Server-Side Request Forgery SSRF vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site wpscraper allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through = 1.0.7...
EUVD-2025-206023
Server-Side Request Forgery SSRF vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7...
CVE-2025-62088 WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site wpscraper allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through = 1.0.7...
CVE-2025-62088
CVE-2025-62088 is an SSRF vulnerability in the WordPress & WooCommerce Scraper Plugin, Import Data from Any WebSite (
CVE-2025-62088 WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7...
WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...
CVE-2025-64085
A NULL pointer dereference vulnerability in the importDataObject function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service DoS via a crafted input...
EUVD-2025-202265
A NULL pointer dereference vulnerability in the importDataObject function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service DoS via a crafted input...
PDF-XChange Editor 安全漏洞
PDF-XChange Editor is a PDF file viewing software from PDF-XChange running on Microsoft Windows systems. A security vulnerability exists in PDF-XChange Editor version v10.7.3.401, which originates from the presence of a null pointer dereference in the function importDataObject, which could lead t...