Lucene search
K

8 matches found

NVD
NVD
added 2026/05/17 1:16 p.m.23 views

CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

8.7CVSS0.00613EPSS
Exploits0References3
CVE
CVE
added 2026/05/17 12:11 p.m.19 views

CVE-2018-25325

CVE-2018-25325 concerns the Woocommerce CSV Importer 3.3.6 path traversal vulnerability. The issue allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. By sending POST requests that include directory traversal sequences...

8.7CVSS5.9AI score0.00613EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.12 views

CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

8.7CVSS5.9AI score0.00613EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.5 views

CVE-2022-1470

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.00739EPSS
Exploits2References1
NVD
NVD
added 2022/06/27 9:15 a.m.13 views

CVE-2022-1470

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00739EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.4 views

WordPress plugin Ultimate WooCommerce CSV Importer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS5.3AI score0.00739EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/06/02 12:0 a.m.134 views

Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting POST /wp-admin/admin.php?page=simple-woocommerce-csv-loader%2Fadmin%2FCSVLoader.php HTTP/1.1 Accept:...

6.1CVSS6.2AI score0.00739EPSS
Exploits2
Exploit DB
Exploit DB
added 2018/04/09 12:0 a.m.22 views

WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution

Exploit Title: Plugin Woocommerce CSV importer 3.3.6 – RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/woocommerce-csvimport/ Software Link: https://wordpress.org/plugins/woocommerce-csvimport/ Contact: http://twitter.com/lenonleite Website...

7.4AI score
Exploits0
Rows per page
Query Builder