EUVD-2025-6876

Malicious code in bioql PyPI...

CVE-2025-9979

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspikspamlogdownloadcsv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...

Linux Distros Unpatched Vulnerability : CVE-2021-36401

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. CVE-2021-36401 Note that Nessus relies on...

CVE-2025-54766

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...

CVE-2025-6814

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportnow function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal...

PT-2025-27855 · WordPress · Booking X

Name of the Vulnerable Software and Affected Versions: Booking X plugin for WordPress versions 1.0 through 1.1.2 Description: The issue allows unauthorized access to data due to a missing capability check on the export now function. This enables unauthenticated attackers to download all plugin...

CVE-2024-1119

The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exporttipstocsv function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees...

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...

CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

CVE-2024-1121

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

CVE-2024-5331

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions...

CVE-2024-1690

The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including, 1.4.10. This...

CVE-2024-12316

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportpopupaction function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates...

CVE-2024-12713

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

CVE-2024-11334

The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportarregistros function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data...

CVE-2023-5905

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

CVE-2023-23610

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access including...

CVE-2022-3574

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...