
5059 matches found

CVE
added 2025/12/13 4:31 a.m., 10 views

CVE-2025-14508

CVE-2025-14508 : MediaCommander for WordPress allows unauthorized data deletion via the REST API endpoint import-csv due to a missing capability check. The endpoint uses an upload_files (Author-level) check for a destructive operation, enabling authenticated users with Author-level access or high...

6.5 CVSS | 4.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/12/13 12:0 a.m., 2 views

WordPress plugin MediaCommander – Bring Folders to Media, Posts, and Pages security vulnerability

...

6.5 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/13 12:0 a.m., 2 views

PT-2025-51079

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload files capabili...

6.5 CVSS | 5.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 4
NVD
added 2025/12/12 12:15 p.m., 1 view

CVE-2025-14442

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for...

5.3 CVSS | 0.00074 EPSS
Exploits: 0 | References: 4
CVE
added 2025/12/12 11:15 a.m., 11 views

CVE-2025-14442

CVE-2025-14442 affects the Secure Copy Content Protection and Content Locking WordPress plugin. Affected versions up to and including 4.9.2 store exported CSV files in a publicly accessible directory with predictable filenames, enabling unauthenticated access to sensitive user data (emails, IP ad...

5.3 CVSS | 5.3 AI score | 0.00074 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/12/12 11:15 a.m., 2 views

EUVD-2025-203073

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for...

5.3 CVSS | 5.2 AI score | 0.00074 EPSS
Exploits: 0 | References: 5
Cvelist
added 2025/12/12 11:15 a.m., 26 views

CVE-2025-14442 Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for...

5.3 CVSS | 0.00074 EPSS
Exploits: 0 | References: 4
Patchstack
added 2025/12/12 9:7 a.m., 5 views

WordPress Simple CSV Table plugin <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read vulnerability

Directory Traversal to Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Ivan Cese in WordPress Plugin Simple CSV Table versions <= 1.0.1...

6.5 CVSS | 6.7 AI score | 0.01035 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/12/12 8:20 a.m., 14 views

CVE-2025-12960

CVE-2025-12960 affects the Simple CSV Table plugin for WordPress. It allows authenticated attackers with Contributor+ access to perform Directory Traversal via the href parameter in the [csv] shortcode, enabling reading of arbitrary server files (e.g., credentials). Impact is read access; no expl...

6.5 CVSS | 5.5 AI score | 0.01035 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/12 8:20 a.m., 1 view

CVE-2025-12960 Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

6.5 CVSS | 5.5 AI score | 0.01035 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/12/12 8:20 a.m., 27 views

CVE-2025-12960 Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

6.5 CVSS | 0.01035 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/12/12 8:20 a.m., 2 views

EUVD-2025-203062

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

6.5 CVSS | 5.4 AI score | 0.01035 EPSS
Exploits: 0 | References: 4
Patchstack
added 2025/12/12 12:21 a.m., 6 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability

Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions <= 4.9.2...

5.3 CVSS | 6.7 AI score | 0.00074 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/12/12 12:0 a.m., 1 view

WordPress plugin Simple CSV Table path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A path traversal...

6.5 CVSS | 6.4 AI score | 0.01035 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/10 6:26 a.m., 8 views

CVE-2025-13070

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks...

6.6 CVSS | 6.7 AI score | 0.00057 EPSS
Exploits: 0 | References: 1
Patchstack
added 2025/12/10 2:50 a.m., 9 views

WordPress CSV to SortTable plugin <= 4.2 - Contributor+ LFI vulnerability

Contributor+ LFI vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions <= 4.2...

6.6 CVSS | 6.7 AI score | 0.00057 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSSF Malicious Packages
added 2025/12/10 1:44 a.m., 3 views

Malicious code in wartsila-text-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7aa25dcd1a96ff24f8f3638d5f052e05a258f9847ef25a146cd479697b26a963 The package wartsila-text-csv was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0 | References: 3
EUVD
added 2025/12/10 1:44 a.m., 3 views

EUVD-2025-202355

Malicious code in wartsila-text-csv npm...

6.6 AI score
Exploits: 0 | References: 1
OSV
added 2025/12/10 1:44 a.m., 1 view

MAL-2025-192402 Malicious code in wartsila-text-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7aa25dcd1a96ff24f8f3638d5f052e05a258f9847ef25a146cd479697b26a963 The package wartsila-text-csv was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0 | References: 3
NVD
added 2025/12/09 4:17 p.m., 3 views

CVE-2025-13070

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks...

6.6 CVSS | 0.00057 EPSS
Exploits: 0 | References: 1