
23 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-42758

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7 | EPSS 0.00991
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:32 a.m. | 3 views

CVE-2024-7620

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVSS 6.6 | AI score 7.7 | EPSS 0.08929
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:59 a.m. | 1 view

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 | AI score 8.8 | EPSS 0.05148
Exploits: 1 | References: 1

Patchstack
added 2024/09/09 12:42 a.m. | 2 views

WordPress Customizer Export/Import plugin <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import vulnerability

Authenticated Admin+ Arbitrary File Upload via Customization Settings Import vulnerability discovered by Luk6785 in WordPress Plugin Customizer Export/Import versions <= 0.9.7...

CVSS 6.6 | AI score 7 | EPSS 0.08929
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/09/07 12:15 p.m. | 7 views

CVE-2024-7620

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVSS 6.6 | EPSS 0.08929
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/07 11:17 a.m. | 5 views

CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVSS 6.6 | AI score 7.7 | EPSS 0.08929
Exploits: 0 | References: 2

CVE
added 2024/09/07 11:17 a.m. | 47 views

CVE-2024-7620

The CVE-2024-7620 entry concerns the WordPress plugin Customizer Export/Import (

CVSS 6.6 | AI score 7.1 | EPSS 0.08929
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/09/07 11:17 a.m. | 17 views

CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVSS 6.6 | EPSS 0.08929
Exploits: 0 | References: 2

Positive Technologies
added 2024/09/07 12:0 a.m. | 2 views

PT-2024-38457 · WordPress · Customizer Export/Import

Name of the Vulnerable Software and Affected Versions: Customizer Export/Import plugin for WordPress versions up to, and including, 0.9.7. Description: The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import...

CVSS 6.6 | AI score 7.4 | EPSS 0.08929
Exploits: 0 | References: 9

CNNVD
added 2024/09/07 12:0 a.m. | 1 view

WordPress plugin Customizer Export/Import code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

CVSS 6.6 | AI score 7 | EPSS 0.08929
Exploits: 0 | References: 3

OpenVAS
added 2023/09/27 12:0 a.m. | 8 views

WordPress Customizer Export/Import Plugin < 0.9.5 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpbeaverbuilder:customizerexport%2fimport"; if description...

CVSS 7.2 | AI score 7.1 | EPSS 0.00991
Exploits: 1 | References: 1

OpenVAS
added 2023/09/27 12:0 a.m. | 10 views

WordPress Customizer Export/Import Plugin < 0.9.6 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpbeaverbuilder:customizerexport%2fimport"; if description...

CVSS 7.2 | AI score 7.1 | EPSS 0.05148
Exploits: 1 | References: 1

OSV
added 2023/05/08 2:15 p.m. | 0 views

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 | AI score 7.2
Exploits: 0 | References: 1

NVD
added 2023/05/08 2:15 p.m. | 6 views

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 | AI score 7.1 | EPSS 0.05148
Exploits: 1 | References: 1

CVE
added 2023/05/08 1:58 p.m. | 40 views

CVE-2023-1347

CVE-2023-1347 affects the WordPress plugin Customizer Export/Import (versions before 0.9.6). The issue arises from unserializing user input in settings, enabling PHP Object Injection when a suitable gadget is present. Exploitation requires admin-level privileges, with a high impact as documented....

CVSS 7.2 | AI score 7.2 | EPSS 0.05148
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/05/08 1:58 p.m. | 11 views

CVE-2023-1347 Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.2 | EPSS 0.05148
Exploits: 1 | References: 1

Positive Technologies
added 2023/05/08 12:0 a.m. | 1 view

PT-2023-16916 · WordPress · Customizer Export/Import

Name of the Vulnerable Software and Affected Versions: Customizer Export/Import WordPress plugin versions prior to 0.9.6. Description: The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing...

CVSS 7.2 | AI score 7.5 | EPSS 0.05148
Exploits: 1 | References: 3

CNNVD
added 2023/05/08 12:0 a.m. | 1 view

WordPress plugin Customizer Export/Import code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 7.2 | AI score 7.5 | EPSS 0.05148
Exploits: 1 | References: 2

Patchstack
added 2023/04/25 12:0 a.m. | 4 views

WordPress Customizer Export/Import Plugin < 0.9.6 is vulnerable to PHP Object Injection

Software: Customizer Export/Import; Type: Plugin; Vulnerable versions: < 0.9.6; Fixed in: 0.9.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-1347; Patch priority: Low; CVSS severity: Low 4.4; Developer: Claim ownership; PSID: 014e99d7d277; Credits: Nguyen Huu Do; Required privilege...

CVSS 7.2 | AI score 7.2 | EPSS 0.05148
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2022/10/31 4:15 p.m. | 7 views

Design/Logic Flaw

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

CVSS 5.8 | AI score 7.1 | EPSS 0.00991
Exploits: 1 | References: 1 | Affected Software: 1