17 matches found
EUVD-2023-40476
Malicious code in bioql PyPI...
CVE-2023-36527
Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft. This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0...
CVE-2022-3393
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
CVE-2023-36527
Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft. This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0...
CVE-2023-36527
Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft. This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0...
CVE-2023-36527
A vulnerability in bestweblayout Post to CSV by BestWebSoft post-to-csv. This issue affects Post to CSV by BestWebSoft: from n/a through <= 1.4.0...
CVE-2023-36527
CVE-2023-36527 affects the WordPress plugin Post to CSV by BestWebSoft. The vulnerability stems from improper neutralization of formula elements in CSV files, enabling CSV injection. Affected versions are
PT-2023-25610 · Bestwebsoft · Post To Csv
Name of the Vulnerable Software and Affected Versions: BestWebSoft Post to CSV versions 1.4.0 and earlier. Description: The issue is related to the improper neutralization of formula elements in a CSV file. This can potentially lead to unintended actions when the CSV file is opened or processed...
WordPress Post to CSV by BestWebSoft Plugin <= 1.4.0 is vulnerable to CSV Injection
Software: Post to CSV by BestWebSoft; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: 1.4.1; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-36527; Patch priority: Low; CVSS severity: Low 4.7; Developer: Claim ownership; PSID: 7da5ccbd6441; Credits: Mika; Required privilege: Author; Publish...
CVE-2022-3393
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
CVE-2022-3393
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
WordPress plugin Post to CSV by BestWebSoft security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...
CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
CVE-2022-3393
The CVE-2022-3393 entry covers a CSV injection flaw in the WordPress plugin Post to CSV by BestWebSoft, affecting versions 1.4.0 and earlier. Root cause: the plugin fails to properly escape fields during CSV export, enabling CSV injection. Impact: attacker-controlled CSV output could be crafted t...
Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
The plugin does not properly escape fields when exporting data as CSV, leading to a CSV injection: create a post using =5+5 as the title; export the data as CSV (/wp-admin/admin.php?page=post-to-csv.php); open the CSV with a spreadsheet application (Excel, Libre Office); the CSV formula gets...
WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Francesco Carlucci in WordPress Post to CSV by BestWebSoft plugin versions <= 1.4.0. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...