
5077 matches found

Cvelist
added 2025/09/29 8:1 p.m., 8 views

CVE-2025-35033 Medical Informatics Engineering Enterprise Health CSV injection

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

CVSS 6.3, EPSS 0.00222
Exploits 0, References 2

CNNVD
added 2025/09/29 12:0 a.m., 2 views

Medical Informatics Engineering Enterprise Health security vulnerability

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that originates from a remote authenticated attacker who can inject macros into a...

CVSS 6.3, AI score 6.9, EPSS 0.00222
Exploits 0, References 2

RedhatCVE
added 2025/09/28 2:41 a.m., 7 views

CVE-2025-10498

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...

CVSS 5.4, AI score 5.6, EPSS 0.00151
Exploits 0, References 1

Cvelist
added 2025/09/27 2:25 a.m., 9 views

CVE-2025-10498 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...

CVSS 4.3, EPSS 0.00151
Exploits 0, References 3

Snyk
added 2025/09/24 6:30 p.m., 8 views

Prototype Pollution

Overview: csvtojson is a tool concentrating on converting csv data to JSON with customised parser supporting. Affected versions of this package are vulnerable to Prototype Pollution in the parserjsonarray process due to insufficient sanitization of nested header names. An attacker can cause deni...

CVSS 8.6, AI score 7.9, EPSS 0.00294
Exploits 0, References 2

NVD
added 2025/09/24 6:15 p.m., 5 views

CVE-2025-57350

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...

CVSS 8.6, EPSS 0.00294
Exploits 0, References 2

Positive Technologies
added 2025/09/24 12:0 a.m., 11 views

PT-2025-39315

Name of the Vulnerable Software and Affected Versions: csvtojson versions prior to 2.0.10. Description: The csvtojson package has a flaw due to inadequate sanitization of nested header names during parsing. Processing CSV input with crafted header fields referencing prototype chains like using proto...

CVSS 8.6, AI score 6.5, EPSS 0.00294
Exploits 0, References 7

CVE
added 2025/09/24 12:0 a.m., 22 views

CVE-2025-57350

The connected documents provide concrete details for CVE-2025-57350: The csvtojson package (node module) has a prototype pollution vulnerability in versions before 2.0.10, caused by insufficient sanitization of nested header names in the parser_jsonarray component. Attackers can supply specially ...

CVSS 8.6, AI score 6.2, EPSS 0.00294
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2025/09/22 4:32 a.m., 13 views

CVE-2025-10002

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the exportcsv function in all versions up to, and including, 2.5.0 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 4.9, AI score 6.5, EPSS 0.00276
Exploits 0, References 1

NVD
added 2025/09/20 5:15 a.m., 5 views

CVE-2025-10002

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the exportcsv function in all versions up to, and including, 2.5.0 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 4.9, EPSS 0.00276
Exploits 0, References 2

CVE
added 2025/09/20 4:27 a.m., 23 views

CVE-2025-10002

CVE-2025-10002 affects the ClickWhale – Link Manager, Link Shortener and Click Tracker for WordPress plugin. Versions up to and including 2.5.0 are vulnerable to SQL Injection in export_csv() due to insufficient escaping and lack of proper query preparation, enabling authenticated Administrators ...

CVSS 4.9, AI score 6.1, EPSS 0.00276
Exploits 0, References 2

Positive Technologies
added 2025/09/20 12:0 a.m., 4 views

PT-2025-38628

Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress versions prior to 2.5.1. Description: The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...

CVSS 4.9, AI score 6.9, EPSS 0.00276
Exploits 0, References 5

Vulnrichment
added 2025/09/17 5:18 a.m., 4 views

CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the uploadfunction function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 8.1, AI score 6.9, EPSS 0.00578
Exploits 0, References 4

Cvelist
added 2025/09/17 5:18 a.m., 37 views

CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the uploadfunction function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 8.1, EPSS 0.00578
Exploits 0, References 4

CNNVD
added 2025/09/17 12:0 a.m., 2 views

WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1, AI score 7.7, EPSS 0.00578
Exploits 0, References 4

Patchstack
added 2025/09/16 10:43 p.m., 6 views

WordPress WP Import plugin 7.20-7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability

Authenticated Subscriber+ Remote Code Execution via Code Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions 7.20-7.28...

CVSS 8.8, AI score 7.4, EPSS 0.0068
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/09/16 10:42 p.m., 6 views

WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions <= 7.27...

CVSS 8.1, AI score 6.8, EPSS 0.00578
Exploits 0, References 1, Affected Software 1

OSV
added 2025/09/15 11:52 p.m., 3 views

MAL-2025-47135 Malicious code in @ctrl/ngx-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dee0d376ee8686a2ea0a7d46ab60c012856d8740b3563848112afbeb6d5b80c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 6

OSSF Malicious Packages
added 2025/09/15 11:52 p.m., 4 views

Malicious code in @ctrl/ngx-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dee0d376ee8686a2ea0a7d46ab60c012856d8740b3563848112afbeb6d5b80c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 6

Snyk
added 2025/09/15 7:39 a.m., 3 views

Embedded Malicious Code

Overview: @ctrl/ngx-csv is a package to easily generate a CSV download in the browser with Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts,...

CVSS 9.8, AI score 6.9
Exploits 0, References 2