48 matches found
CVE-2026-15161
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...
CVE-2026-15160
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...
CVE-2026-15159
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2026-15161 Ninja Forms - Excel Export <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'filter' Parameter
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...
CVE-2026-15161
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...
EUVD-2026-45136
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...
CVE-2026-15160 Ninja Forms - Excel Export <= 3.3.6 - Missing Authorization to Authenticated (Subscriber+) XLS Write via Path Traversal
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...
CVE-2026-15159
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2026-15159 Ninja Forms - Excel Export <= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via 'spreadsheet_export_form_id' Parameter
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2026-15160
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...
EUVD-2026-45127
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...
EUVD-2026-45128
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2026-15160
Summary of CVE-2026-15160 : The Ninja Forms - Excel Export plugin for WordPress is vulnerable to a directory traversal flaw in all versions up to and including 3.3.6, exploitable via the spreadsheet_export_tmp_name parameter. This vulnerability allows an authenticated user with subscriber-level a...
CVE-2026-15159
Affected software: Ninja Forms - Excel Export plugin for WordPress. Vulnerability type: Insecure Direct Object Reference via the spreadsheet_export_form_id parameter. Root cause: missing validation on a user controlled key. Versions affected: all versions up to and including 3.3.6. Impact: authen...
CVE-2026-12862
The CVE-2026-12862 entry documents a formula-injection risk in XLSX exports where untrusted user data is passed directly to Excel exports for administrators. Root cause: untrusted data used in the export path enables Excel formulas to be interpreted when the file is opened, potentially compromisi...
CVE-2026-0814
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vszcf7exporttoexcel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2026-42267
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...
CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...
GHSA-3XC2-H5R3-WV3R Kimai vulnerable to formula Injection via tag names in XLSX export
Summary Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...
WordPress Advanced CF7 DB plugin <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability
Missing Authorization to Authenticated Subscriber+ Form Submissions Excel Export vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...