WordPress plugin CSV to SortTable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-49802

Name of the Vulnerable Software and Affected Versions CSV to SortTable WordPress plugin versions through 4.2 Description The software does not properly check certain shortcode attributes before using them to create file paths that are then used with include functions. This allows users with...

CVE-2025-14229

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2025-14229 SourceCodester Inventory Management System SVC Report Export csv injection

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

WordPress CSV Sumotto plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin CSV Sumotto versions = 1.0...

PT-2025-49546

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

SourceCodester Inventory Management System 安全漏洞

SourceCodester Inventory Management System is a SourceCodester open source inventory management system. A security vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from a CSV injection vulnerability in the SVC report export component...

CVE-2025-13894

The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-13894

CVE-2025-13894 refers to a Reflected Cross-Site Scripting vulnerability in the WordPress CSV Sumotto plugin (versions ≤ 1.0). The root cause is insufficient input sanitization and output escaping for the PHP_SELF server variable, allowing unauthenticated attackers to inject scripts into pages tha...

CVE-2025-13894 CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting

The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-13894 CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting

The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

@adeunis/codecs (>=1.3.0 <=1.4.0), @andrewcturing/todoist (=0.0.1) +53 more potentially affected by CVE-2026-9673 via json-2-csv (>=3.20.0 <=5.5.1)

json-2-csv NPM version =3.20.0, =1.3.0, =1.8.0, =5.0.2, =0.0.1, =0.2.3, =0.1.0, =0.1.0, =0.5.1, =1.0.2, =1.3.1, =3.0.7, =1.0.5, =3.0.9-beta.0 and more Source cves: CVE-2026-9673 Source advisory: SNYK:JS-JSON2CSV-14221326...

CSV Injection

Overview org.webjars.npm:json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can...

CSV Injection

Overview json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas in...

WordPress plugin CSV Sumotto 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2025-201400

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

PT-2025-49235

Name of the Vulnerable Software and Affected Versions User Generator and Importer plugin for WordPress versions up to and including 1.2.2 Description The plugin is susceptible to Cross-Site Request Forgery due to missing nonce validation in the "Import Using CSV File" function. This allows...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

VulnCheck KEV: CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...