CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

CVE-2018-25325

CVE-2018-25325 concerns the Woocommerce CSV Importer 3.3.6 path traversal vulnerability. The issue allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. By sending POST requests that include directory traversal sequences...

CVE-2018-25325 Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.37 - Authenticated Subscriber+ SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.37...

WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.35 - Authenticated Contributor+ Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.35...

WordPress plugin WP Import – Ultimate CSV XML Importer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability

Authenticated Administrator+ PHP Object Injection via CSV Import vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.33.1...

WordPress WP Import plugin <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Author+ Sensitive Information Exposure vulnerability discovered by M Indra Purnama type5afe in WordPress Plugin WP Ultimate CSV Importer versions = 7.33...

EUVD-2015-1135

Malware in sbrugna...

EUVD-2006-5086

Malware in sbrugna...

EUVD-2015-9146

Malware in sbrugna...

EUVD-2018-13504

Malware in sbrugna...

EUVD-2024-45867

Malicious code in bioql PyPI...

EUVD-2023-53698

Malicious code in bioql PyPI...

EUVD-2022-24773

Malicious code in bioql PyPI...

WordPress WP Import plugin 7.20-7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability

Authenticated Subscriber+ Remote Code Execution via Code Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions 7.20-7.28...

WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions = 7.27...

CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getftpdetails' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...