47 matches found
CVE-2024-7514
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...
Exploit for CVE-2024-7514
CVE-2024-7514 WordPress Comments Import & Export = 2.3...
CVE-2024-7514
Summary: CVE-2024-7514 affects WordPress plugin WordPress Comments Import & Export (
CVE-2024-7514 WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...
WordPress plugin Comments Import & Export 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exists...
WordPress WordPress Comments Import & Export plugin <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal vulnerability
Authenticated Author+ Arbitrary File Read via Directory Traversal vulnerability discovered by scottaglia in WordPress Plugin Comments Import & Export versions = 2.3.7...
WordPress WordPress Comments Import & Export Plugin <= 2.3.7 is vulnerable to Directory Traversal
Software WordPress Comments Import & Export Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.9 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-7514 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 06055d28d8b6 Credits scottaglia Required...
CVE-2024-31235
Cross-Site Request Forgery CSRF vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5...
CVE-2024-31235 WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5...
WordPress Plugin WordPress Comments Import & Export 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Comments Import & Export A cross-site request...
WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WordPress Comments Import & Export versions = 2.3.5...
WordPress WordPress Comments Import & Export Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software WordPress Comments Import & Export Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31235 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8fb386b6b6f3 Credits...
CVE-2022-45370
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1...
Input validation
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1...
CVE-2022-45370 WordPress WordPress Comments Import & Export plugin <= 2.3.1 - CSV Injection
A vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce.This issue affects Comments Import & Export: from n/a through = 2.3.1...
CVE-2022-45370
The CVE CVE-2022-45370 concerns the WebToffee WordPress Comments Import & Export plugin (versions 2.3.1 and earlier). The issue is an improper neutralization of formula elements in CSV files (CSV Injection) when importing/exporting comments, allowing unauthenticated attackers to craft CSV payload...
WordPress Plugin WordPress Comments Import & Export Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection
Software WordPress Comments Import & Export Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-45370 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID aa57ae50e983 Credits Mika Required privilege...
WordPress Comments Import & Export plugin <= 2.1.10 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by WordFence in WordPress Comments Import & Export plugin versions = 2.1.10. Solution Update the WordPress Comments Import & Export plugin to the latest available version at least 2.1.11...
WordPress Plugin Comments Import Export 2.0.4 - CSV Injection
WordPress Plugin Comments Import Export 2.0.4 - CSV Injection Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected...