CVE-2026-0825

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...

PT-2025-39705

Name of the Vulnerable Software and Affected Versions Ninja Forms – The Contact Form Builder That Grows With You versions prior to 3.12.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to inadequate nonce validation when exporting CSV files. This allows...

PT-2024-40381 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: CMS affected versions not specified Description: The issue concerns the CSV export feature of the CMS, where the output can contain macros and scripts. If these are imported into software like Microsoft Excel without proper sanitization, they...

PT-2018-18718 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.1.6-15266 Description: The issue is related to improper neutralization of escape in the Log Exporter component, allowing remote attackers to inject arbitrary content when exporting an archi...

CVE-2018-9106

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export...