5078 matches found
PT-2022-24595 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows remote users to run malicious JavaScript in a victim's browser via sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the...
CVE-2022-3026
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...
CVE-2022-3026
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...
CVE-2022-2429
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...
CVE-2022-2429
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...
Input validation
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...
Input validation
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...
CVE-2022-3026
The WP Users Exporter plugin for WordPress (versions up to and including 1.4.2) is vulnerable to CSV Injection via the Export Users feature. An authenticated attacker (e.g., a subscriber) can inject untrusted data into profile fields (e.g., First Names) that are embedded in the CSV exported by an...
CVE-2022-3026 WP Users Exporter <= 1.4.2 - CSV Injection
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...
CVE-2022-2429
The CVE-2022-2429 entry concerns the WordPress plugin “Ultimate SMS Notifications for WooCommerce.” The vulnerability is a CSV Injection in the plugin’s Export Utility, affecting versions up to and including 1.4.1. It allows authenticated attackers (e.g., subscribers) to inject untrusted data int...
CVE-2022-2429 Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...
CVE-2022-2429 Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...
PT-2022-5124 · WordPress · Ultimate Sms Notifications For Woocommerce
Name of the Vulnerable Software and Affected Versions: Ultimate SMS Notifications for WooCommerce plugin for WordPress versions up to, and including, 1.4.1 Description: The issue is related to a CSV Injection vulnerability in the 'Export Utility' functionality. This allows authenticated attackers...
CVE-2022-2638
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server...
CVE-2022-2638
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server...
CVE-2022-2638
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server...
Path traversal
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server...
CVE-2022-2638 Export All URLs < 4.4 - Admin+ Arbitrary System File Removal
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server...
WordPress WP Users Exporter plugin <= 1.4.2 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Zhouyuan Yang in WordPress WP Users Exporter plugin versions = 1.4.2. Solution Deactivate and delete. This plugin has been closed as of January 8, 2020 and is not available for download. Reason: Security Issue...
WordPress Ultimate SMS Notifications for WooCommerce plugin <= 1.4.1 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Zhouyuan Yang in WordPress Ultimate SMS Notifications for WooCommerce plugin versions = 1.4.1. Solution Update the WordPress Ultimate SMS Notifications for WooCommerce plugin to the latest available version at least 1.4.2...