
5078 matches found

CVE
added 2023/10/05 10:31 p.m. · 51 views

CVE-2015-10125

CVE-2015-10125 affects the WP Ultimate CSV Importer Plugin for WordPress (v3.7.2). The vulnerability is described as cross-site request forgery (CSRF) in an unknown part of the plugin, with remote initiation possible. The issue is addressed by upgrading to version 3.7.3, and the patch identifier ...

8.8 CVSS · 5.8 AI score · 0.0036 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/10/05 6:15 p.m. · 2 views

CVE-2023-43071

Dell SmartFabric Storage Software v1.4 and earlier contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to variou...

5.4 CVSS · 5.7 AI score
Exploits 0 · References 1
CNNVD
added 2023/10/05 12:0 a.m. · 3 views

WordPress Plugin WP Ultimate CSV Importer Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

8.8 CVSS · 6.7 AI score · 0.0036 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/10/05 12:0 a.m. · 3 views

PT-2023-10302 · WordPress · Wp Ultimate Csv Importer Plugin

Name of the Vulnerable Software and Affected Versions: WP Ultimate CSV Importer Plugin version 3.7.2. Description: A problematic vulnerability has been found in the WP Ultimate CSV Importer Plugin, affecting an unknown part, which leads to cross-site request forgery. The attack can be initiated...

8.8 CVSS · 7 AI score · 0.0036 EPSS
Exploits 0 · References 6
wpexploit
added 2023/09/25 12:0 a.m. · 111 views

Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure

Description: The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. This requires the plugin's Log Authentication Requests setting to be set...

7.5 CVSS · 7.7 AI score · 0.25855 EPSS
Exploits 2
Patchstack
added 2023/09/19 12:0 a.m. · 2 views

WordPress Statify Plugin < 2.6.4 is vulnerable to CSV Injection

Software: Statify; Type: Plugin; Vulnerable versions: 2.6.4; Fixed in: 2.6.4; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: N/A; Patch priority: Low; CVSS severity: Low 4; Developer: Claim ownership; PSID: 33a8f3c4ed3e; Credits: Unknown; Required privilege: Administrator; Published: 19 September, 2023...

7.2 AI score
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2023/09/15 12:0 a.m. · 14 views

WordPress Export All URLs Plugin < 4.4 Arbitrary File Deletion Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:atlasgondal:exportallurls"; if description...

6.5 CVSS · 6.6 AI score · 0.00916 EPSS
Exploits 1 · References 1
NVD
added 2023/09/14 5:15 p.m. · 12 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8 CVSS · 7.9 AI score · 0.00556 EPSS
Exploits 1 · References 1
OSV
added 2023/09/14 5:15 p.m. · 2 views

DEBIAN-CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8 CVSS · 8 AI score · 0.00556 EPSS
Exploits 1 · References 1
Prion
added 2023/09/14 5:15 p.m. · 18 views

Input validation

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

4.4 CVSS · 7.9 AI score · 0.00556 EPSS
Exploits 1 · References 1 · Affected Software 1
UbuntuCve
added 2023/09/14 5:15 p.m. · 21 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8 CVSS · 7.4 AI score · 0.00556 EPSS
Exploits 1 · References 1
Cvelist
added 2023/09/14 12:0 a.m. · 25 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

8.1 AI score · 0.00556 EPSS
Exploits 1 · References 1
Vulnrichment
added 2023/09/14 12:0 a.m. · 11 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.7 AI score · 0.00556 EPSS
Exploits 1 · References 1
Debian CVE
added 2023/09/14 12:0 a.m. · 20 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8 CVSS · 7.8 AI score · 0.00556 EPSS
Exploits 1
CVE
added 2023/09/14 12:0 a.m. · 36 views

CVE-2023-36250

The CVE-2023-36250 entry concerns GNOME Time Tracker (version 3.0.2) and describes a CSV injection flaw that allows a local attacker to execute arbitrary code by crafting a .tsv file during record creation. Affected component appears to be the time-tracker input handling for TSVs, with the underl...

7.8 CVSS · 7.8 AI score · 0.00556 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2023/09/06 7:15 p.m. · 10 views

CVE-2020-10131

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter...

9.8 CVSS · 9.6 AI score · 0.01276 EPSS
Exploits 0 · References 1
Prion
added 2023/09/06 7:15 p.m. · 17 views

Design/Logic Flaw

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter...

7.5 CVSS · 9.4 AI score · 0.01276 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/06 6:47 p.m. · 12 views

CVE-2020-10131

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter...

7.1 AI score · 0.01276 EPSS
Exploits 0 · References 1
Cvelist
added 2023/09/06 6:47 p.m. · 20 views

CVE-2020-10131

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter...

9.6 AI score · 0.01276 EPSS
Exploits 0 · References 1
CVE
added 2023/09/06 6:47 p.m. · 38 views

CVE-2020-10131

CVE-2020-10131 affects SearchBlox prior to version 9.2.1, where a CSV macro injection in the “Featured Results” parameter can be triggered, leading to high-impact outcomes (per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9.8). Connected feeds corroborate vulnerability in SearchBlox ...

9.8 CVSS · 9.7 AI score · 0.01276 EPSS
Exploits 0 · References 1 · Affected Software 1