Lucene search
K

29 matches found

Cvelist
Cvelist
added 2025/02/04 6:41 a.m.17 views

CVE-2024-13607 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticat...

4.3CVSS0.00404EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/22 4:1 p.m.14 views

CVE-2024-34448

Ghost before 5.82.0 allows CSV Injection during a member CSV export...

7.2AI score0.00723EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.7 views

PT-2023-19626 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 5.1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the export users function. This allows unauthenticated attackers...

6.1CVSS6.7AI score0.00181EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/25 12:0 a.m.4 views

PT-2023-9271 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.12 GLPI versions prior to 10.0.6 Description: The issue is related to improper privilege management, allowing any user with access to the standard interface to export data of almost any GLPI item type, including...

10CVSS6.5AI score0.99628EPSS
Exploits40References202
OSV
OSV
added 2022/10/25 5:15 p.m.3 views

CVE-2022-3393

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

9.8CVSS5.8AI score0.01279EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.25 views

IBM App Connect Enterprise 信任管理问题漏洞

IBM App Connect Enterprise is an operating system from IBM Corporation of the U.S.A. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies to IBM App Connect Enterprise combines existing...

6.5CVSS7AI score0.00382EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/06/13 12:0 a.m.7 views

PT-2022-14123 · WordPress · Export Any Wordpress Data To Xml/Csv

Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.3.5 Description: The issue arises from the lack of sanitization of the cpt POST parameter when exporting post data, which is then used in a database query. This leads t...

7.2CVSS7.2AI score0.01269EPSS
Exploits2References5
OSV
OSV
added 2022/06/02 9:15 p.m.3 views

CVE-2022-26867

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...

8CVSS7.3AI score0.00556EPSS
Exploits0References1
CNVD
CNVD
added 2019/09/03 12:0 a.m.3 views

WordPress bold-page-builder plugin has unspecified vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. bold-page-builder is a drag-and-drop page builder plugin used in it. A security vulnerability exists in WordPress bold-page-builder...

7.5CVSS6.6AI score0.11019EPSS
Exploits0References1
Rows per page
Query Builder