46 matches found
WordPress Course Booking System plugin <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export vulnerability
Missing Authorization to Unauthenticated Booking Data Export vulnerability discovered by Powpy in WordPress Plugin Course Booking System versions = 6.1.5...
EUVD-2025-203077
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...
CVE-2025-13414
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
EUVD-2025-199583
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
CVE-2025-13414
CVE-2025-13414 affects the Chamber Dashboard Business Directory plugin for WordPress. The vulnerability arises from a missing capability check on the export function (cdash_watch_for_export), enabling unauthenticated attackers to export sensitive business-directory data. All versions up to and in...
CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
EUVD-2025-35354
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...
CVE-2025-10638 NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...
WordPress plugin NS Maintenance Mode for WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
EUVD-2021-34180
Malicious code in bioql PyPI...
CVE-2021-4353
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...
WordPress IP2Location Redirection plugin <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export vulnerability
Missing Authorization to Unauthenticated Settings Export vulnerability discovered by Krzysztof Zając in WordPress Plugin IP2Location Redirection versions = 1.33.3...
WordPress Safe Ai Malware Protection for WP plugin <= 1.0.17 - Missing Authorization to Unauthenticated Database Export vulnerability
Missing Authorization to Unauthenticated Database Export vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Safe Ai Malware Protection for WP versions = 1.0.17...
WordPress Export Import Menus plugin <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export vulnerability
Missing Authorization to Unauthenticated Menu Export vulnerability discovered by BrokenAC ignore in WordPress Plugin Export Import Menus versions = 1.9.1...
CVE-2024-11334
The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportarregistros function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data...
CVE-2024-1122
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...
CVE-2023-6289 Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...
VulnCheck KEV: CVE-2022-39960
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a plugins/servlet/groupexportforjira/admin/ URI...