Lucene search

138 matches found

Vulnrichment
added 2026/03/21 10:24 p.m. | views: 1

CVE-2026-3629 Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields

The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' function not properly restricting which user meta keys can be updated via profile fields. The...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00032
Exploits: 1 | References: 5
CVE
added 2026/03/21 10:24 p.m. | views: 10

CVE-2026-3629

CVE-2026-3629 describes a privilege-escalation flaw in the WordPress plugin “Import and export users and customers” up to version 1.29.7. The root cause is that the function save_extra_user_profile_fields does not properly restrict which user meta keys can be updated via profile fields; specifica...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00032
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/10 12:0 a.m. | views: 2

PT-2026-24217

Name of the Vulnerable Software and Affected Versions: Siemens PLCs (affected versions not specified). Description: The software does not properly sanitize the contents of trace files. This could allow an attacker to inject code by socially engineering a legitimate user to import a specially crafted...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00056
Exploits: 0 | References: 7
CVE
added 2026/03/02 3:47 p.m. | views: 7

CVE-2025-52468

Chamilo LMS contains a stored XSS vulnerability (CVE-2025-52468) in CSV user imports prior to v1.11.30, due to insufficient sanitization in Last Name, First Name, and Username fields. The stored payload is triggered when a user profile is viewed in the context of the authenticated user. Patch rel...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00065
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/02 2:36 p.m. | views: 14

CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVSS: 4.8 | EPSS: 0.00067
Exploits: 1 | References: 3
CVE
added 2026/03/02 2:36 p.m. | views: 4

CVE-2025-50186

Chamilo LMS prior to version 1.11.30 is affected by a stored XSS vulnerability in CSV filenames. The issue arises from insufficient sanitization of uploaded CSV names, allowing an attacker to upload a file such as .csv that can execute JavaScript when viewed by administrators or users with access...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00067
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/02 2:36 p.m. | views: 1

CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00067
Exploits: 1 | References: 3
RedhatCVE
added 2026/02/04 7:28 p.m. | views: 2

CVE-2026-24986

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import (simple-membership-wp-user-import) allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 1
NVD
added 2026/02/03 3:16 p.m. | views: 3

CVE-2026-24986

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import (simple-membership-wp-user-import) allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1...

CVSS: 5.4 | EPSS: 0.0002
Exploits: 0 | References: 1
EUVD
added 2026/02/03 2:8 p.m. | views: 0

EUVD-2026-5248

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import (simple-membership-wp-user-import) allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/03 2:8 p.m. | views: 2

CVE-2026-24986

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import (simple-membership-wp-user-import) allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1...

AI score: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 2
Cvelist
added 2026/02/03 2:8 p.m. | views: 22

CVE-2026-24986 WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import (simple-membership-wp-user-import) allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1...

CVSS: 5.4 | EPSS: 0.0002
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/03 2:8 p.m. | views: 1

CVE-2026-24986 WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import (simple-membership-wp-user-import) allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 1
CVE
added 2026/02/03 2:8 p.m. | views: 4

CVE-2026-24986

The CVE-2026-24986 entry concerns the WordPress plugin Simple Membership WP user Import (versions

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 1
CNNVD
added 2026/02/03 12:0 a.m. | views: 2

WordPress plugin Simple Membership WP user Import security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.0002
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/01 12:15 p.m. | views: 2

CVE-2021-47912

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00057
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/01 12:15 p.m. | views: 24

CVE-2021-47912 PHP Melody 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS: 6.4 | EPSS: 0.00057
Exploits: 1 | References: 4
EUVD
added 2026/02/01 12:15 p.m. | views: 1

EUVD-2021-34759

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00057
Exploits: 1 | References: 4
CVE
added 2026/02/01 12:15 p.m. | views: 5

CVE-2021-47912

PHP Melody 3.0 is affected by multiple non-persistent cross-site scripting (XSS) vulnerabilities in the categories, import, and user import components. The root cause is unvalidated/unfiltered parameters leading to client-side script execution and potential hijacking of user sessions. CVSS detail...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00057
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/01 12:15 p.m. | views: 1

CVE-2021-47912 PHP Melody 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS: 6.4 | AI score: 5.2 | EPSS: 0.00057
Exploits: 1 | References: 4