5077 matches found
WordPress Easy CSV Importer BETA Plugin <= 7.0.0 is vulnerable to Arbitrary File Upload
Software: Easy CSV Importer BETA; Type: Plugin; Vulnerable versions: = 7.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52372; Patch priority: High; CVSS severity: High 10; Developer: (none listed); PSID: 760bb0fc208a; Credits: stealthcopter; Required privilege...
CVE-2024-31448
Combodo iTop is a simple, web-based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when that content is imported. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...
CVE-2024-31998 CSRF security issue on CSV import in Combodo iTop
Combodo iTop is a simple, web-based IT Service Management tool. A CSRF can be performed on the CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-31998
CVE-2024-31998 affects Combodo iTop (web-based ITSM). A CSRF on the CSV import simulation could allow unauthorized state-changing actions. Affected versions are prior to 3.1.2 and 3.2.0; fixed in 3.1.2 and 3.2.0. CVSSv3.1 base score 8.8 (HIGH) with user interaction required. No public workarounds...
CVE-2024-31448
CVE-2024-31448 is a Cross-site Scripting (XSS) vulnerability in Combodo iTop triggered by malicious CSV content during import. Affected software is Combodo iTop (web-based IT Service Management). The issue is fixed in versions 3.1.2 and 3.2.0; users should upgrade to one of these versions or late...
CVE-2024-31448 Cross-site Scripting vulnerability in link CSV import in Combodo iTop
Combodo iTop is a simple, web-based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when that content is imported. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...
Combodo iTop cross-site request forgery vulnerability
Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site request forgery vulnerability exists in...
CVE-2024-7424
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with...
CVE-2024-7424 Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with...
CVE-2024-7424
CVE-2024-7424 affects the WordPress plugin Multiple Page Generator Plugin (MPG). The issue is a missing capability check on several admin-only functions, enabling authenticated users with Subscriber-level access and above to invoke admin functions, leading to unauthorized modification o...
PT-2024-38338 · WordPress · Mpg Plugin
Name of the Vulnerable Software and Affected Versions: The Multiple Page Generator Plugin – MPG plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functions intended for admin use,...
CVE-2024-9430
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access to Quote data due to a missing capability check on the cttepfwwploaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attacke...
CVE-2024-9430 Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access to Quote data due to a missing capability check on the cttepfwwploaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attacke...
PT-2024-39628 · WordPress · Get Quote For Woocommerce
Name of the Vulnerable Software and Affected Versions: Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to unauthorized access to Quote data due to a missing capability check on the cttepfwwp...
CVE-2024-5982
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the loadchathistory function in...