14 matches found
Buffer Overflow
Overview: Affected versions of this package are vulnerable to Buffer Overflow in the AddBinaryProperty function of the FBX Importer, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy without runtime length validation. An attacker can achieve...
CVE-2026-40730
CVE-2026-40730 describes a missing authorization flaw in the WordPress ThemeGrill Demo Importer plugin that enables access-control misconfigurations (affected: ThemeGrill Demo Importer up to and including 2.0.0.6). Connected sources confirm the issue, with the PT-2026-33041 advisory identifying v...
PT-2025-46579
Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress plugin versions prior to 7.34 Description: The WP Import – Ultimate CSV XML Importer for WordPress plugin contains a flaw that allows unauthorized access to sensitive information. This is due ...
CVE-2025-10312
CVE-2025-10312 : WordPress Theme Importer plugin
WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in th...
CVE-2024-13889
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
CVE-2024-13889
CVE-2024-13889 affects WordPress Importer (WordPress Importer plugin) up to version 0.8.3 via PHP Object Injection in maybe_unserialize. Exploitation requires Administrator+ access and, crucially, a POP chain present from another plugin/theme; without a POP chain, impact is limited. The vulnerabi...
CVE-2024-13899
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access a...
CVE-2024-13899 Mambo Importer <= 1.0 - Authenticated (Administrator+) PHP Object Injection
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access a...
CVE-2024-12817
The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'productlink' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-12817 Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'productlink' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
SUSE CVE-2020-28594
A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
PT-2023-30242 · Apache · Apache Allura
Name of the Vulnerable Software and Affected Versions: Apache Allura versions 1.0.1 through 1.15.0 Description: The issue allows project administrators to import attachments with unrestricted URL values, potentially causing Apache Allura to read local files and expose them. This exposure can lead...
SUSE-SU-2020:2604-1 Security update for gimp
This update for gimp fixes the following issue: - CVE-2017-17789: Fix heap buffer overflow in PSP importer bsc1073627...