5077 matches found
CVE-2024-31939
CVE-2024-31939 : CSRF vulnerability in the WordPress plugin “Import any XML or CSV File to WordPress” (Soflyy WP All Import) affecting versions up to 3.7.3. Public data indicates a CSRF flaw that can be triggered with user interaction and has network access implications, with no explicit remediat...
WordPress Plugin Import any XML or CSV File to WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Import any XML or CS...
CVE-2024-3214
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are...
CVE-2024-3214 Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are...
CVE-2024-3214
CVE-2024-3214 affects Relevanssi – A Better Search (WordPress) up to version 4.22.1. It allows unauthenticated CSV injection by embedding untrusted input in exported CSV files, with potential code execution when the CSV is opened in a vulnerable environment. The vulnerability is classified as una...
WordPress Plugin Relevanssi Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Plugin Email Subscribers by Icegram Express Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin Email...
$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin
On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers a...
WordPress Relevanssi plugin <= 4.22.1 - Unauthenticated Second Order CSV Injection vulnerability
Unauthenticated Second Order CSV Injection vulnerability discovered by Thura Moe Myint (mgthuramoemyint) in WordPress Plugin Relevanssi versions <= 4.22.1...
WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to CSV Injection
Software: Relevanssi; Type: Plugin; Vulnerable versions: <= 4.22.1; Fixed in: 4.22.2; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2024-3214; Patch priority: Low; CVSS severity: Low (4.7); PSID: 3b70af9574ea; Credits: Thura Moe Myint (mgthuramoemyint); Required privilege...
Icegram Express < 5.7.16 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and...
WordPress Relevanssi Premium Plugin <= 2.25.1 is vulnerable to CSV Injection
Software: Relevanssi Premium; Type: Plugin; Vulnerable versions: <= 2.25.1; Fixed in: 2.25.2; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2024-3214; Patch priority: Low; CVSS severity: Low (4.7); PSID: c945697bfd2b; Credits: Thura Moe Myint (mgthuramoemyint); Required...
CVE-2024-25007
Ericsson Network Manager ENM, versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The...
CVE-2024-25007 Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability
Ericsson Network Manager ENM, versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The...
CVE-2024-25007
CVE-2024-25007 affects Ericsson Network Manager (ENM) versions prior to 23.1. The issue resides in the export function of the application log, where Improper Neutralization of Formula Elements in a CSV File can enable code execution or information disclosure. Impact is limited to integrity and av...
EUVD-2024-26384
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...