56 matches found
WordPress Admin Columns PRO premium plugin <= 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Johannes Lauinger in WordPress Admin Columns PRO premium plugin versions = 5.5.1. Solution Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.2...
WordPress Admin Columns plugin <= 4.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Johannes Lauinger in WordPress Admin Columns plugin versions = 4.3.1. Solution Update the WordPress Admin Columns plugin to the latest available version at least 4.3.2...
WordPress Admin Columns plugin <= 4.2.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns plugin versions = 4.2.7. Solution Update the WordPress Admin Columns plugin to the latest available version at least 4.3...
Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field
The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...
Admin Columns Free < 4.3 & Pro < 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) in Label
The Admin Columns WordPress plugin, Free and Pro versions, rendered input on the posted pages with improper input validation on the value passed into the field Label parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it...
Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field
The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...
WordPress Admin Columns PRO premium plugin <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns PRO premium plugin versions = 5.4.4. Solution Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.1...
WordPress codepress-admin-columns injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. codepress-admin-columns is a content management plugin used in it. An injection vulnerability exists in WordPress...
WordPress Admin Columns plugin <= 3.4.6 CSV Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113559";...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
Input validation
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
CVE-2019-17661
CVE-2019-17661 affects the WordPress plugin codepress-admin-columns (Admin Columns) v3.4.6. A CSV injection vulnerability allows a user with a crafted name (containing a formula) to cause exported CSV data to execute in Excel, potentially enabling remote control of a victim’s machine. The in‑docu...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
CVE-2019-17661
A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...
PT-2019-15242 · Microsoft +1 · Office Excel +1
Name of the Vulnerable Software and Affected Versions: codepress-admin-columns plugin version 3.4.6 Description: A CSV injection in the codepress-admin-columns plugin for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as their first or last...