Lucene search
K

56 matches found

Patchstack
Patchstack
added 2021/06/18 12:0 a.m.23 views

WordPress Admin Columns PRO premium plugin <= 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Johannes Lauinger in WordPress Admin Columns PRO premium plugin versions = 5.5.1. Solution Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.2...

5.4CVSS2.3AI score0.00932EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2021/06/18 12:0 a.m.23 views

WordPress Admin Columns plugin <= 4.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Johannes Lauinger in WordPress Admin Columns plugin versions = 4.3.1. Solution Update the WordPress Admin Columns plugin to the latest available version at least 4.3.2...

5.4CVSS2.3AI score0.00932EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2021/05/31 12:0 a.m.11 views

WordPress Admin Columns plugin <= 4.2.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns plugin versions = 4.2.7. Solution Update the WordPress Admin Columns plugin to the latest available version at least 4.3...

5.4CVSS2.2AI score0.00997EPSS
Exploits1References3Affected Software1
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.127 views

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...

5.4CVSS0.1AI score0.00932EPSS
Exploits4References1
WPVulnDB
WPVulnDB
added 2021/05/31 12:0 a.m.30 views

Admin Columns Free < 4.3 & Pro < 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) in Label

The Admin Columns WordPress plugin, Free and Pro versions, rendered input on the posted pages with improper input validation on the value passed into the field Label parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it...

5.4CVSS4.1AI score0.00997EPSS
Exploits1References1Affected Software2
WPVulnDB
WPVulnDB
added 2021/05/31 12:0 a.m.29 views

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...

5.4CVSS0.6AI score0.00932EPSS
Exploits4References1Affected Software2
Patchstack
Patchstack
added 2021/05/31 12:0 a.m.19 views

WordPress Admin Columns PRO premium plugin <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns PRO premium plugin versions = 5.4.4. Solution Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.1...

5.4CVSS2.2AI score0.00997EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2019/11/11 12:0 a.m.3 views

WordPress codepress-admin-columns injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. codepress-admin-columns is a content management plugin used in it. An injection vulnerability exists in WordPress...

9CVSS7.2AI score0.0239EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2019/11/11 12:0 a.m.162 views

WordPress Admin Columns plugin <= 3.4.6 CSV Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113559";...

9CVSS8.9AI score0.0239EPSS
Exploits1References2
NVD
NVD
added 2019/11/08 6:15 p.m.9 views

CVE-2019-17661

A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...

9CVSS8.9AI score0.0239EPSS
Exploits1References1
OSV
OSV
added 2019/11/08 6:15 p.m.15 views

CVE-2019-17661

A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...

8.8CVSS7.6AI score
Exploits0References1
Prion
Prion
added 2019/11/08 6:15 p.m.13 views

Input validation

A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...

9CVSS8.9AI score0.0239EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/11/08 6:0 p.m.95 views

CVE-2019-17661

CVE-2019-17661 affects the WordPress plugin codepress-admin-columns (Admin Columns) v3.4.6. A CSV injection vulnerability allows a user with a crafted name (containing a formula) to cause exported CSV data to execute in Excel, potentially enabling remote control of a victim’s machine. The in‑docu...

9CVSS8.9AI score0.0239EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2019/11/08 6:0 p.m.8 views

CVE-2019-17661

A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...

7.5AI score0.0239EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/11/08 6:0 p.m.16 views

CVE-2019-17661

A CSV injection in the codepress-admin-columns aka Admin Columns plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users mig...

9AI score0.0239EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/11/08 12:0 a.m.4 views

PT-2019-15242 · Microsoft +1 · Office Excel +1

Name of the Vulnerable Software and Affected Versions: codepress-admin-columns plugin version 3.4.6 Description: A CSV injection in the codepress-admin-columns plugin for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as their first or last...

9CVSS7.3AI score0.0239EPSS
Exploits1References5
Rows per page
Query Builder