Lucene search
+L

265 matches found

Cvelist
Cvelist
added 2024/05/23 2:33 a.m.31 views

CVE-2024-4895 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it...

4.7CVSS4.8AI score0.00374EPSS
Exploits0References3
CVE
CVE
added 2024/05/23 2:33 a.m.64 views

CVE-2024-4895

CVE-2024-4895 affects the WordPress plugin WPDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin up to version 3.4.2.12. It is a Stored Cross-Site Scripting vulnerability via the CSV import functionality, allowing unauthenticated attackers to inject scripts that execute when u...

4.7CVSS4.8AI score0.00374EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.16 views

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin < 3.4.2.14 - Unauthenticated Stored Cross-Site Scripting via CSV Import

Description The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping...

4.7CVSS6AI score0.00374EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.7 views

PT-2024-33291 · WordPress · Wpdatatables

Name of the Vulnerable Software and Affected Versions: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin versions up to, and including, 3.4.2.12 Description: The issue is related to Stored Cross-Site Scripting via the CSV import functionality due to insufficient input...

4.7CVSS6.2AI score0.00374EPSS
Exploits0References6
OSV
OSV
added 2024/04/15 8:15 a.m.5 views

CVE-2024-32431

Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2...

7.2CVSS5.8AI score0.00384EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.5 views

WordPress Plugin Import any XML or CSV File to WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Import any XML or CS...

4.3CVSS6.7AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/06 12:0 a.m.5 views

WordPress Plugin Email Subscribers by Icegram Express 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin Email...

4.4CVSS7.9AI score0.0035EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/04/05 12:0 a.m.14 views

Icegram Express < 5.7.16 - Authenticated (Administrator+) Cross-Site Scripting via CSV import

Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and...

4.4CVSS5.7AI score0.0035EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/01/24 7:2 a.m.17 views

Improper Access Control

Silverstripe Admin is vulnerable to Improper Access Control. The vulnerability is caused due to improper access control permissions during CSV import operations. This allows an attacker to modify existing records using the CSV import feature, even if they do not have the explicit edit permissions...

4.3CVSS6.8AI score0.00341EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/23 8:9 p.m.25 views

No permission checks for editing/deleting records with CSV import form

Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it...

4.3CVSS4.5AI score0.00341EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2024/01/23 8:9 p.m.11 views

GHSA-J3M6-GVM8-MHVW No permission checks for editing/deleting records with CSV import form

Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it...

4.3CVSS4.4AI score0.00341EPSS
Exploits0References8
NVD
NVD
added 2024/01/23 2:15 p.m.48 views

CVE-2023-49783

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS4.5AI score0.00341EPSS
Exploits0References2
Prion
Prion
added 2024/01/23 2:15 p.m.21 views

Code injection

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4CVSS7AI score0.00341EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/01/23 1:54 p.m.51 views

CVE-2023-49783

CVE-2023-49783 affects SilverStripe Admin. In 1.x before 1.13.19 and 2.x before 2.1.8, users who lack edit/delete permissions for ModelAdmin records can still edit/delete records via the CSV import form if they have create permissions. The issue can enable unintended record modification, though t...

4.3CVSS4.4AI score0.00341EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/23 1:54 p.m.56 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS4.8AI score0.00341EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/23 1:54 p.m.1 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS7AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2024/01/23 1:54 p.m.35 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS4.7AI score0.00341EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2024/01/23 3:15 a.m.32 views

CVE-2023-49783 No permission checks for editing or deleting records with CSV import form

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-49783...

4.3CVSS7.2AI score0.00341EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.10 views

PT-2024-13800 · Silverstripe · Silverstripe/Admin

Name of the Vulnerable Software and Affected Versions: Silverstripe Admin versions 1.x prior to 1.13.19 Silverstripe Admin versions 2.x prior to 2.1.8 Description: The issue allows users who don't have edit or delete permissions for records exposed in a ModelAdmin to still edit or delete records...

4.3CVSS4.3AI score0.00341EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.5 views

WordPress plugin Directorist security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...

2.7CVSS6.4AI score0.01342EPSS
Exploits2References2
Rows per page
Query Builder