4 matches found
PT-2024-17417 · WordPress · The Management App For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress version 1.2.0 and earlier
Description: The issue is related to arbitrary file uploads due to missing file type...
CVE-2023-3403
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to import...
PT-2023-24645 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.1
Description: The issue allows authenticated attackers with subscriber-level permissions or above to import new users and update existing users due to a missing capability...
Horde 5.2.22 CSV Import Code Execution
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule 'Horde CSV import arbitrary PHP code execution', 'Description' = %q The HordeData module version 2.1.4 and before present in Horde Groupware versi...