Design/Logic Flaw
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of the Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...
Open redirect
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it...
CVE-2022-2240 Request a Quote <= 2.3.7 - CSV Injection
CVE-2022-2240
CVE-2022-2240 affects the WordPress plugin Request a Quote up to version 2.3.7, where the CSV upload handling does not validate uploaded CSV files. This allows unauthenticated users to attach a malicious CSV to a quote, enabling CSV injection when an admin downloads and opens the file. The vulner...
CVE-2022-1539 Exports and Reports < 0.9.2 - Contributor+ CSV Injection
CVE-2022-1539
The CVE-2022-1539 entry concerns the WordPress Exports and Reports plugin (versions prior to 0.9.2). The connected documents confirm the vulnerability arises from the plugin not sanitizing/validating data when generating CSV exports, enabling CSV injection via Excel DDE and potential data leakage...
WordPress plugin Request a Quote cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
LDAP Query and Enumeration Module
This module allows users to query an LDAP server using either a custom LDAP query, or a set of LDAP queries under a specific category. Users can also specify a JSON or YAML file containing custom queries to be executed using the RUNQUERYFILE action. If this action is specified, then QUERYFILEPATH...
CVE-2022-31260
In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...
CVE-2022-2146
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting them back in a page, and is lacking a CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting...
Cross site scripting
CVE-2022-2146 Import CSV Files <= 1.0 - Reflected Cross-Site Scripting
CVE-2022-2146
Technical details about CVE-2022-2146 are not publicly available in the provided connected documents. Monitor for updates from vendors and security bulletins.
WordPress plugin Import CSV Files cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2022-20648 · Montala · Resourcespace
Name of the Vulnerable Software and Affected Versions: Montala ResourceSpace versions prior to r19636. Description: The issue allows attackers to export collection metadata via a non-NULL k value in the csvexportresultsmetadata.php file. Recommendations: For versions prior to r19636, update to ...
Stripe: CSRF in Importing CSV files [app.taxjar.com]
A CSRF vulnerability was found in the CSV import feature of app.taxjar.com, allowing an attacker to import transactions into a user's account without their permission. The vulnerability was due to a lack of CSRF protection in the import process...
July 12, 2022—KB5015875 (Security-only update)
July 12, 2022—KB5015875 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. IMPORTANT Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, ther...
WordPress Import any XML or CSV File plugin arbitrary file upload vulnerability
WordPress is a blogging platform developed using the PHP language. WordPress Import any XML or CSV File plugin versions prior to 3.6.8 are vulnerable to arbitrary file uploads, which originate from accepting all zip files and automatically extracting the zip file without validating the extracted...