5078 matches found
March 10, 2020—KB4541509 (Monthly Rollup)
March 10, 2020—KB4541509 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4537819 released February 25, 2020 and addresses the following issues: Addresses an issue that might prevent ActiveX content from loading. Addresses an...
March 10, 2020—KB4541506 (Monthly Rollup)
March 10, 2020—KB4541506 Monthly Rollup IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of device...
March 10, 2020—KB4541504 (Security-only update)
March 10, 2020—KB4541504 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of...
CVE-2020-9372
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input in fields such as Description or Name in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabcappointments.php. The attacker could achieve...
Input validation
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input in fields such as Description or Name in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabcappointments.php. The attacker could achieve...
CVE-2020-9372
The CVE affects the WordPress plugin Appointment Booking Calendar prior to version 1.3.35. The vulnerability allows any user-supplied input in booking form fields (e.g., Description or Name) to be treated as a formula and exported via the CSV export in the admin bookings list, enabling remote cod...
Appointment Booking Calendar < 1.3.35 - CSV Injection
The Appointment Booking Calendar WordPress plugin was affected by a CSV Injection security vulnerability...
Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV
The plugin allows users to book appointments by providing their PII, such as email, name, phone number and personal message. The vulnerability allows anyone to dump all user records and their appointment details as CSV while unauthenticated. The user also gets registered as a WP User after...
CVE-2020-9466
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection...
Design/Logic Flaw
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection...
CVE-2020-9466
CVE-2020-9466 affects the WordPress plugin Export Users to CSV (≤1.4.2). An attacker who can register as a subscriber can inject CSV payloads into user-details fields; when an authenticated admin exports user data to CSV and opens it, the payload can execute (e.g., redirections to malicious sites...
LiteCart CSV Injection Vulnerability
LiteCart is a lightweight e-commerce platform for online merchants developed using PHP, HTML 5 and CSS 3. A CSV injection vulnerability exists in LiteCart 2.2.1 and earlier versions. An attacker can exploit the vulnerability to execute code via a customer's profile...
Export Users to CSV <= 1.4.2 - CSV Injection
An attacker can register as a subscriber on a WordPress website and enter malicious formula payloads into the user account details fields. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and opens it, the payload ge...
WordPress Export Users to CSV plugin <= 1.4.2 - CSV Injection vulnerability
CSV Injection vulnerability found by Jinson Varghese Behanan in WordPress Export Users to CSV plugin versions <= 1.4.2. Solution 2020 Feb. 26 - no patched version available...
CVE-2020-9017
LiteCart through 2.2.1 allows CSV injection via a customer's profile...