265 matches found
CVE-2024-4895 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-4895
CVE-2024-4895 affects the WordPress plugin WPDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin up to version 3.4.2.12. It is a Stored Cross-Site Scripting vulnerability via the CSV import functionality, allowing unauthenticated attackers to inject scripts that execute when u...
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin < 3.4.2.14 - Unauthenticated Stored Cross-Site Scripting via CSV Import
Description The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping...
PT-2024-33291 · WordPress · Wpdatatables
Name of the Vulnerable Software and Affected Versions: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin versions up to, and including, 3.4.2.12 Description: The issue is related to Stored Cross-Site Scripting via the CSV import functionality due to insufficient input...
CVE-2024-32431
Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2...
WordPress Plugin Import any XML or CSV File to WordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Import any XML or CS...
WordPress Plugin Email Subscribers by Icegram Express 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin Email...
Icegram Express < 5.7.16 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and...
Improper Access Control
Silverstripe Admin is vulnerable to Improper Access Control. The vulnerability is caused due to improper access control permissions during CSV import operations. This allows an attacker to modify existing records using the CSV import feature, even if they do not have the explicit edit permissions...
No permission checks for editing/deleting records with CSV import form
Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it...
GHSA-J3M6-GVM8-MHVW No permission checks for editing/deleting records with CSV import form
Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it...
CVE-2023-49783
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...
Code injection
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...
CVE-2023-49783
CVE-2023-49783 affects SilverStripe Admin. In 1.x before 1.13.19 and 2.x before 2.1.8, users who lack edit/delete permissions for ModelAdmin records can still edit/delete records via the CSV import form if they have create permissions. The issue can enable unintended record modification, though t...
CVE-2023-49783 No permission checks for editing/deleting records with CSV import form
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...
CVE-2023-49783 No permission checks for editing/deleting records with CSV import form
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...
CVE-2023-49783 No permission checks for editing/deleting records with CSV import form
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...
CVE-2023-49783 No permission checks for editing or deleting records with CSV import form
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-49783...
PT-2024-13800 · Silverstripe · Silverstripe/Admin
Name of the Vulnerable Software and Affected Versions: Silverstripe Admin versions 1.x prior to 1.13.19 Silverstripe Admin versions 2.x prior to 2.1.8 Description: The issue allows users who don't have edit or delete permissions for records exposed in a ModelAdmin to still edit or delete records...
WordPress plugin Directorist security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...