29 matches found
CVE-2024-13607 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticat...
CVE-2024-34448
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
PT-2023-19626 · WordPress · Userpro
Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 5.1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the export users function. This allows unauthenticated attackers...
PT-2023-9271 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.12 GLPI versions prior to 10.0.6 Description: The issue is related to improper privilege management, allowing any user with access to the standard interface to export data of almost any GLPI item type, including...
CVE-2022-3393
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
IBM App Connect Enterprise 信任管理问题漏洞
IBM App Connect Enterprise is an operating system from IBM Corporation of the U.S.A. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies to IBM App Connect Enterprise combines existing...
PT-2022-14123 · WordPress · Export Any Wordpress Data To Xml/Csv
Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.3.5 Description: The issue arises from the lack of sanitization of the cpt POST parameter when exporting post data, which is then used in a database query. This leads t...
CVE-2022-26867
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...
WordPress bold-page-builder plugin has unspecified vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. bold-page-builder is a drag-and-drop page builder plugin used in it. A security vulnerability exists in WordPress bold-page-builder...