WordPress Plugin HTML filter and csv-file search security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop CSV Feeds PRO prior to version 2.6.1, which stems from the...
PT-2023-29976 · Prestashop · Csv Feeds Pro
Name of the Vulnerable Software and Affected Versions: PrestaShop module CSV Feeds PRO versions prior to 2.6.1 Description: The issue allows a guest to perform SQL injection due to a sensitive SQL call in the SearchApiCsv::getProducts method. This can be exploited with a trivial HTTP call, allowi...
WordPress HTML filter and csv-file search Plugin <= 2.7 is vulnerable to Local File Inclusion
Software HTML filter and csv-file search Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-5099 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 9f90341966c7 Credits Alex Thomas Required privilege...
WordPress HTML filter and csv-file search Plugin <= 2.7 is vulnerable to Cross Site Scripting (XSS)
Software HTML filter and csv-file search Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5096 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 370de6af1adf Credits Alex Thomas...
Catdoc Code Issues Vulnerabilities
Catdoc is a program that reads MS-Word files and prints them readably by Pete Warden, an individual developer in the United States. A security vulnerability exists in Catdoc version v0.95, which stems from the component xls2csv in src/xlsparse.c containing a NULL pointer dereference...
Moodle < 3.9.24, 3.11.x < 3.11.17, 4.0.x < 4.0.11, 4.1.x < 4.1.6, 4.2.x < 4.2.3 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRMCSVImporterLitehtmlapp' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...
Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware
CVE202320198Detector This script can identify if Cisco IOS...
Ubuntu 18.04 ESM / 20.04 ESM : Symfony vulnerabilities (USN-5290-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5290-1 advisory. James Isaac and Mathias Brodala discovered that Symfony incorrectly handled switch users functionality. An attacker could possibly use this...
WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Click Simple Table Manager then...
CVE-2023-41262
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...
CVE-2023-41261
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results...
CVE-2023-41261
Summary: CVE-2023-41261 affects Plixer Scrutinizer prior to version 19.3.1. The vulnerability resides in the /fcgi/scrut_fcgi.fcgi endpoint, where the csvExportReport action generateCSV does not require authentication, allowing an unauthenticated user to export reports and access results. Affecte...
PT-2023-27875 · Plixer · Plixer Scrutinizer
Name of the Vulnerable Software and Affected Versions: Plixer Scrutinizer versions prior to 19.3.1 Description: An issue was discovered in the /fcgi/scrut_fcgi.fcgi endpoint, specifically in the csvExportReport endpoint action generateCSV, which is vulnerable to SQL injection through the sorting...
CVE-2015-10125
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...
Cross site request forgery (csrf)
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...
CVE-2015-10125 WP Ultimate CSV Importer Plugin cross-site request forgery
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...