6 matches found
CVE-2026-14500
The CVE-2026-14500 entry concerns the Bulk Order Update for WooCommerce plugin for WordPress (
EUVD-2026-42175
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...
CVE-2025-14610 TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...
EUVD-2025-206417
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...
WordPress TableMaster for Elementor plugin <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter vulnerability
Authenticated Author+ Server-Side Request Forgery via 'csvurl' Parameter vulnerability discovered by WordFence in WordPress Plugin TableMaster for Elementor versions = 1.3.6...
PT-2026-5058
Name of the Vulnerable Software and Affected Versions TableMaster for Elementor versions up to and including 1.3.6 Description The TableMaster for Elementor plugin for WordPress is susceptible to Server-Side Request Forgery. This occurs because the plugin does not limit the URLs that can be...