613 matches found
CVE-2024-10866 Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dspexportimportmenus function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings...
WordPress plugin My Contador lesr security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-10852 Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buyoneclickexportoptions AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-47880 OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...
CVE-2024-45233
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins...
CVE-2024-7601
Logsign Unified SecOps Platform Directory dataexportdeleteall Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerabilit...
CVE-2024-7601
CVE-2024-7601 affects Logsign Unified SecOps Platform. The vulnerability resides in the HTTP API service (default port 443) where lack of proper validation of a user-supplied path enables a traversal that can delete arbitrary files in the root context. Exploitation requires authentication, and th...
Mercodia Feripro security vulnerability
Mercodia Feripro is a vacation management software from Mercodia USA. A security vulnerability exists in Mercodia Feripro 2.2.3 and earlier versions, which stems from an incorrect access control vulnerability in /admin/programm//export/statistics, which could allow a remote attacker to export an...
CVE-2024-5331
The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions...
PT-2024-35721 · WordPress · Breakdance
Name of the Vulnerable Software and Affected Versions: Breakdance plugin for WordPress versions up to, and including, 1.7.2 Description: The issue allows authenticated attackers with Contributor-level access and above to export form submissions, resulting in unauthorized access of data...
WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability
Sensitive Data Exposure via Exported File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Wallet System for WooCommerce versions <= 2.5.13...
WordPress plugin WP Logs Book security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVAT Security Vulnerabilities
CVAT is an interactive video and image annotation tool for computer vision. A security vulnerability exists in CVAT version 2.2.0 through versions prior to 2.14.3. An attacker exploiting this vulnerability could obtain media files, annotations, settings, and other information from any project,...
CVE-2024-35430
In ZKTeco ZKBio CVSecurity v6.1.1R and earlier (fixed in 6.1.3R), an authenticated user can bypass password checks while exporting data from the application...
PT-2024-26500 · Zkteco · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: The issue allows an authenticated user to bypass password checks while exporting data from the application. Recommendations: For ZKTeco ZKBio CVSecurity version 6.1.1, at the moment, there is...
ZKTeco ZKBioSecurity Security Vulnerabilities
ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBioSecurity version 6.1.1 that originates from a vulnerability that allows an authenticated user to bypass password checks while exporting data from the application...
PT-2024-14928 · WordPress · Romethemeform For Elementor
Name of the Vulnerable Software and Affected Versions: RomethemeForm For Elementor plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows unauthorized access and modification of data due to a missing capability check on the export entries, rtformnewform, and...