WordPress zx-csv-upload plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 1 of the WordPress zx-csv-upload plugin. The vulnerability ste...

LimeSurvey < 3.17.14 Multiple Vulnerabilities

LimeSurvey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Import users from CSV with meta Plugin < 1.14.0.3 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113521";...

WordPress Import users from CSV with meta Plugin < 1.14.1.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113522";...

WordPress Import users from CSV with meta Plugin < 1.14.2.1 Directory Traversal Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113523";...

CVE-2016-10943

The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter...

Sql injection

The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter...

CVE-2016-10943

The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter...

CVE-2016-10943

CVE-2016-10943 affects the WordPress plugin zx-csv-upload (version 1). The vulnerability is an SQL injection through the id parameter in the plugin’s SQL queries, as documented across multiple sources (NVD entry, Red Hat advisory, CNVD/CVE listings, and WP vulnerability records). Exploitation is ...

September 10, 2019—KB4516062 (Security-only update)

September 10, 2019—KB4516062 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 32-B...

CVE-2019-16184

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file...

CVE-2019-16184

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file...

Input validation

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file...

CVE-2019-16184

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file...

CVE-2019-16184

LimeSurvey prior to 3.17.14 is affected by a CSV injection vulnerability where survey responses can inject commands that appear in exported CSV files. The CVE-2019-16184 vulnerability affects LimeSurvey and is described with a risk profile including high impact on confidentiality, integrity, and ...

CVE-2019-16120

CSV injection in the event-tickets Event Tickets plugin before 4.10.7.2 for WordPress exists via the "All Post Ticketed Attendees" Export Attendees feature...

Input validation

CSV injection in the event-tickets Event Tickets plugin before 4.10.7.2 for WordPress exists via the "All Post Ticketed Attendees" Export Attendees feature...

CVE-2019-16120

The CVE-2019-16120 issue affects the WordPress Event Tickets plugin (Event Tickets) prior to version 4.10.7.2. The vulnerability arises in the Export Attendees feature under All Post &gt; Ticketed &gt; Attendees, allowing CSV injection. Impact is potential data manipulation/CSV injection in expor...

CVE-2019-16120

CSV injection in the event-tickets Event Tickets plugin before 4.10.7.2 for WordPress exists via the "All Post Ticketed Attendees" Export Attendees feature...

PT-2019-14524 · WordPress · Event Tickets

Name of the Vulnerable Software and Affected Versions: Event Tickets plugin for WordPress versions prior to 4.10.7.2 Description: The issue exists in the Event Tickets plugin for WordPress, specifically via the "All Post Ticketed Attendees" Export Attendees feature. This allows for CSV injection...