
5070 matches found

Positive Technologies
added 2025/09/24 12:0 a.m. | 10 views

PT-2025-39315

Name of the Vulnerable Software and Affected Versions: csvtojson versions prior to 2.0.10. Description: The csvtojson package has a flaw due to inadequate sanitization of nested header names during parsing. Processing CSV input with crafted header fields referencing prototype chains like using proto...

CVSS 8.6 | AI score 6.5 | EPSS 0.00287
Exploits: 0 | References: 7
RedhatCVE
added 2025/09/22 4:32 a.m. | 12 views

CVE-2025-10002

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the exportcsv function in all versions up to, and including, 2.5.0 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 4.9 | AI score 6.5 | EPSS 0.00276
Exploits: 0 | References: 1
NVD
added 2025/09/20 5:15 a.m. | 3 views

CVE-2025-10002

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the exportcsv function in all versions up to, and including, 2.5.0 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 4.9 | EPSS 0.00276
Exploits: 0 | References: 2
CVE
added 2025/09/20 4:27 a.m. | 23 views

CVE-2025-10002

CVE-2025-10002 affects the ClickWhale – Link Manager, Link Shortener and Click Tracker for WordPress plugin. Versions up to and including 2.5.0 are vulnerable to SQL Injection in export_csv() due to insufficient escaping and lack of proper query preparation, enabling authenticated Administrators ...

CVSS 4.9 | AI score 6.1 | EPSS 0.00276
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/20 12:0 a.m. | 2 views

PT-2025-38628

Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress versions prior to 2.5.1. Description: The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...

CVSS 4.9 | AI score 6.9 | EPSS 0.00276
Exploits: 0 | References: 5
Cvelist
added 2025/09/17 5:18 a.m. | 13 views

CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the uploadfunction function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 8.1 | EPSS 0.00578
Exploits: 0 | References: 4
Vulnrichment
added 2025/09/17 5:18 a.m. | 3 views

CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the uploadfunction function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 8.1 | AI score 6.9 | EPSS 0.00578
Exploits: 0 | References: 4
CNNVD
added 2025/09/17 12:0 a.m. | 2 views

WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 | AI score 7.7 | EPSS 0.00578
Exploits: 0 | References: 4
Patchstack
added 2025/09/16 10:43 p.m. | 4 views

WordPress WP Import plugin 7.20-7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability

Authenticated Subscriber+ Remote Code Execution via Code Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions 7.20-7.28...

CVSS 8.8 | AI score 7.4 | EPSS 0.0068
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/09/16 10:42 p.m. | 6 views

WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions <= 7.27...

CVSS 8.1 | AI score 6.8 | EPSS 0.00578
Exploits: 0 | References: 1 | Affected Software: 1
OSSF Malicious Packages
added 2025/09/15 11:52 p.m. | 4 views

Malicious code in @ctrl/ngx-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dee0d376ee8686a2ea0a7d46ab60c012856d8740b3563848112afbeb6d5b80c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 6
OSV
added 2025/09/15 11:52 p.m. | 2 views

MAL-2025-47135 Malicious code in @ctrl/ngx-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dee0d376ee8686a2ea0a7d46ab60c012856d8740b3563848112afbeb6d5b80c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 6
Snyk
added 2025/09/15 7:39 a.m. | 3 views

Embedded Malicious Code

Overview: @ctrl/ngx-csv is a package to easily generate a CSV download in the browser with Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts,...

CVSS 9.8 | AI score 6.9
Exploits: 0 | References: 2
GithubExploit
added 2025/09/13 6:24 a.m. | 202 views

Exploit for CVE-2025-9776

CVE-2025-9776 — CatFolders WordPress Plugin: Authenticated SQL...

CVSS 6.5 | AI score 7.8 | EPSS 0.00347
Exploits: 2
RedhatCVE
added 2025/09/13 5:19 a.m. | 11 views

CVE-2025-9776

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5 | AI score 6.6 | EPSS 0.00347
Exploits: 2 | References: 1
CNVD
added 2025/09/12 12:0 a.m. | 2 views

WordPress Maspik plugin authorization issue vulnerability

WordPress Maspik plugin is an anti-spam plugin for WordPress that is mainly used to protect website contact forms, comment areas and signup forms from spam. WordPress Maspik plugin suffers from an authorization issue vulnerability that stems from a lack of capability check in the function...

CVSS 4.3 | AI score 6.6 | EPSS 0.0023
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/11 9:20 a.m. | 11 views

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

CVSS 5.3 | AI score 6.5 | EPSS 0.00214
Exploits: 0 | References: 1
NVD
added 2025/09/11 5:15 a.m. | 8 views

CVE-2025-9776

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5 | EPSS 0.00347
Exploits: 2 | References: 3
CVE
added 2025/09/11 4:26 a.m. | 28 views

CVE-2025-9776

CVE-2025-9776 – CatFolders WordPress plugin (versions

CVSS 6.5 | AI score 6.2 | EPSS 0.00347
Exploits: 2 | References: 3
Cvelist
added 2025/09/11 4:26 a.m. | 14 views

CVE-2025-9776 CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5 | EPSS 0.00347
Exploits: 2 | References: 3