Lucene search
K

668 matches found

Nuclei
Nuclei
added 8 hours ago13 views

Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

8.8CVSS7.1AI score0.02917EPSS
Exploits3References2
CVE
CVE
added 4 days ago9 views

CVE-2026-15026

The CVE concerns the WordPress plugin “Import and export users and customers” (versions

4.3CVSS6.2AI score0.00223EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-15026 Import and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX Action

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS0.00223EPSS
Exploits0References8
Patchstack
Patchstack
added 5 days ago5 views

WordPress Import and export users and customers plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Tiago Ventura perses in WordPress Plugin Import and export users and customers versions = 2.4.0...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/06 12:0 a.m.7 views

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI token...

9.9CVSS5.8AI score0.00685EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/03 6:16 a.m.10 views

CVE-2026-11397

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS0.00235EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.38 views

CVE-2026-11397 WP Import Export Lite <= 3.9.30 - Authenticated (Administrator+) Server-Side Request Forgery via 'file_url' Parameter

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS0.00235EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.10 views

CVE-2026-11397

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/03 4:30 a.m.11 views

EUVD-2026-41489

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/02 4:7 p.m.4 views

WordPress WP Import Export Lite plugin <= 3.9.30 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by 밥김국 - DDADDA in WordPress Plugin WP Import Export Lite versions = 3.9.30...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.13 views

CVE-2026-7430

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.4AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 2:27 a.m.13 views

EUVD-2026-33246

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...

4.4CVSS6.1AI score0.00244EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/27 3:33 p.m.20 views

EUVD-2026-32311

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:17 p.m.31 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 11:53 a.m.30 views

CVE-2026-48971

CVE-2026-48971 affects the WordPress plugin WordPress Product Import Export for WooCommerce (WebToffee) up to version 2.5.6. The issue is a Missing Authorization/Broken Access Control vulnerability due to incorrectly configured access control levels, enabling an attacker to exploit over the netwo...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 11:53 a.m.8 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 11:53 a.m.10 views

CVE-2026-48971 WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/27 11:52 a.m.13 views

WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Import Export for WooCommerce versions = 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Product Import Export for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
Rows per page
Query Builder