WP CSV Exporter < 1.3.7 - Admin+ SQLi
The plugin does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks. PoC: As an admin, go to Tools CSV Export, leave everything as default and click on Export POSTS CSV. Intercept the...
WordPress WP CSV Exporter plugin <= 1.3.6 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection (SQLi) vulnerability discovered by Asif Nawaz Minhas in the WordPress WP CSV Exporter plugin (versions <= 1.3.6). Solution: Update the WordPress WP CSV Exporter plugin to the latest available version (at least 1.3.7)...
WordPress User Blocker plugin <= 1.5.5 - Auth. CSV Injection vulnerability
Auth. CSV Injection vulnerability discovered by Mika in the WordPress User Blocker plugin (versions <= 1.5.5). Solution: Update the WordPress User Blocker plugin to the latest available version (at least 1.5.6)...
CVE-2022-27858
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress...
Design/Logic Flaw
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress...
CVE-2022-27858 WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress...
CVE-2022-27858
CVE-2022-27858 refers to a CSV injection vulnerability in the WordPress plugin Activity Log (Team Activity Log) versions ≤ 2.8.3. The weakness stems from the plugin not validating data before exporting to CSV, enabling injection in CSV fields. Impact is described as CSV injection; remediation is ...
WordPress Import any XML or CSV File to WordPress Plugin < 3.6.8 RCE Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress Import any XML or CSV File to WordPress Plugin < 3.6.9 Multiple File Upload Vulnerabilities
The WordPress plugin...
CVE-2022-3558
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
CVE-2022-3463
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...
Code injection
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
Design/Logic Flaw
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...
CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...
CVE-2022-3558 Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
PT-2022-22908 · WordPress · Export/Import Users/Customers
Name of the Vulnerable Software and Affected Versions: Import and export users and customers WordPress plugin versions prior to 1.20.5 Description: The issue concerns the improper escaping of data when exporting it via CSV files. This could potentially lead to security issues, although specific...