5078 matches found
WordPress Plugin WP CSV Exporter Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-14543 · Unknown · Posts/Users Stats
Name of the Vulnerable Software and Affected Versions: Posts and Users Stats versions 1.1.3 and earlier Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects Posts and Users Stats. Recommendations: For versions 1.1.3 and earlier, update ...
Posts and Users Stats < 1.1.4 - Improper Neutralization of Formula Elements in a CSV File
Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3...
Export Users Data CSV < 2.2 - Improper Neutralization of Formula Elements in a CSV File
Description Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1...
PT-2023-14643 · Amr · Amr
Name of the Vulnerable Software and Affected Versions: amr users versions 4.59.4 and earlier Description: The issue is related to the improper neutralization of formula elements in a CSV file, affecting amr users. Recommendations: For versions 4.59.4 and earlier, update to a version that contains...
Fedora 39 : moodle (2023-6bd1586dc5)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6bd1586dc5 advisory. Latest updates Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
HTML filter and csv-file search < 2.8 - Contributor+ Local File Inclusion
Description The plugin does not properly sanitize and validate the 'src' attribute of the 'csvsearch' shortcode, leading to a Local File Inclusion vulnerability...
Puppet Enterprise < 2019.8.6 Unsantized Input Vulnerability
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin...
CVE-2023-5099
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...
Design/Logic Flaw
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...
CVE-2023-5099 HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...
CVE-2023-5099 HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...
CVE-2023-5099
CVE-2023-5099 describes a Local File Inclusion vulnerability in the WordPress plugin HTML filter and csv-file search . Up to version 2.7, the plugin fails to sanitize the src attribute of the csvsearch shortcode, allowing authenticated users with contributor permissions or higher to include and e...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
Sql injection
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
CVE-2023-46356 affects PrestaShop module CSV Feeds PRO prior to 2.6.1. The vulnerability is a SQL injection in SearchApiCsv::getProducts(), exploitable by a guest via a trivial HTTP request due to a sensitive SQL call. Impact is high (potential data compromise/alteration and service disruption) a...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...