5059 matches found
CVE-2026-0825 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...
CVE-2025-14610
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...
CVE-2025-14610 TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...
EUVD-2025-206417
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...
CVE-2025-14610
CVE-2025-14610: The WordPress plugin TableMaster for Elementor (versions up to and including 1.3.6) is vulnerable to authenticated SSRF via the csv_url parameter in the Data Table widget. An attacker with Author-level access or higher can trigger web requests to arbitrary locations (including lo...
WordPress TableMaster for Elementor plugin <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter vulnerability
Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter vulnerability discovered by WordFence in WordPress Plugin TableMaster for Elementor versions <= 1.3.6...
Security vulnerabilities in the WordPress plugin Database for Contact Form 7, WPforms, Elementor forms
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-5066
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...
PT-2026-5058
Name of the Vulnerable Software and Affected Versions: TableMaster for Elementor versions up to and including 1.3.6. Description: The TableMaster for Elementor plugin for WordPress is susceptible to Server-Side Request Forgery. This occurs because the plugin does not limit the URLs that can be...
CVE-2020-36941
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...
CVE-2021-47901
Dirsearch 0.4.1 is affected by a CSV injection vulnerability exploitable via the --csv-report flag. An attacker can craft malicious server redirects with comma-separated paths containing Excel formulas, enabling manipulation of the generated CSV report. The issue is described across multiple sour...
CVE-2021-47901 dirsearch 0.4.1 - CSV Injection
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report...
dirsearch security vulnerabilities
dirsearch is a network scanner developed by Mauro Soria. Version 0.4.1 of dirsearch contains a security vulnerability. This vulnerability arises from improper handling of redirect endpoints when using the --csv-report flag, which may allow attackers to inject malicious formulas...
EUVD-2026-4195
Malicious code in csv-parsing-xz npm...
Malicious Package
Overview: csv-parsing-xz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in csv-parsing-xz (npm)
Source: amazon-inspector fbd0bb44a5de8aaaa9d2397fe8ff5fa7e9a7274bb5d6efe9ef6af97ba8747692 The package csv-parsing-xz was found to contain malicious code. Source: ghsa-malware 40d41fc1adde6793bd8a6626e41da04bcb68b4934a4760eeb34c278ed6165adf...
MAL-2026-458 Malicious code in csv-parsing-xz (npm)
Source: amazon-inspector fbd0bb44a5de8aaaa9d2397fe8ff5fa7e9a7274bb5d6efe9ef6af97ba8747692 The package csv-parsing-xz was found to contain malicious code. Source: ghsa-malware 40d41fc1adde6793bd8a6626e41da04bcb68b4934a4760eeb34c278ed6165adf...
MAL-2026-457 Malicious code in csv-parsing-xx (npm)
Source: amazon-inspector dfe9a306ce309515a134b6348aff27991f8725d7925ee31b1c51281c9d4a5bc8 The package csv-parsing-xx was found to contain malicious code. Source: ghsa-malware 3e16868b929858d45e76857e9157eae0e3631ca0e2e5988e69c6f537d0ad1a04...