Lucene search
+L

8173 matches found

NVD
NVD
added 2 days ago11 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS0.00156EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago89 views

POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...

7.5CVSS7.3AI score0.34293EPSS
Exploits1
NVD
NVD
added 2 days ago9 views

CVE-2026-15160

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS0.00459EPSS
Exploits0References4
NVD
NVD
added 2 days ago11 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS0.00178EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress (up to v3.3.6) is affected by a Stored XSS due to save_filter() storing raw $_POST['filter'] without capability check, nonce verification, or sanitization. The get_filter_row() code concatenates stored filter values into HTML attributes without ...

6.4CVSS6.2AI score0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS6.2AI score0.00156EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45136

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS6.2AI score0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15161 Ninja Forms - Excel Export <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'filter' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS0.00156EPSS
Exploits0References2
CVE
CVE
added 2 days ago13 views

CVE-2026-15160

Summary of CVE-2026-15160 : The Ninja Forms - Excel Export plugin for WordPress is vulnerable to a directory traversal flaw in all versions up to and including 3.3.6, exploitable via the spreadsheet_export_tmp_name parameter. This vulnerability allows an authenticated user with subscriber-level a...

4.3CVSS6.2AI score0.00459EPSS
Exploits0References4
CVE
CVE
added 2 days ago15 views

CVE-2026-15159

Affected software: Ninja Forms - Excel Export plugin for WordPress. Vulnerability type: Insecure Direct Object Reference via the spreadsheet_export_form_id parameter. Root cause: missing validation on a user controlled key. Versions affected: all versions up to and including 3.3.6. Impact: authen...

4.3CVSS6AI score0.00178EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS6AI score0.00178EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-45128

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS6AI score0.00178EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-15160

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS6.2AI score0.00459EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45127

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS6.2AI score0.00459EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15159 Ninja Forms - Excel Export <= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via 'spreadsheet_export_form_id' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS0.00178EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-15160 Ninja Forms - Excel Export <= 3.3.6 - Missing Authorization to Authenticated (Subscriber+) XLS Write via Path Traversal

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS0.00459EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-50124

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where...

7.1CVSS0.00322EPSS
Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-50124

DataEase prior to version 2.10.23 contains a remote code execution vulnerability triggered by uploading payload.zip via the Excel upload API (/datasource/upload). This creates an H2 datasource using the zip: protocol, and when the SQL dataset path is executed, CalciteProvider.jdbcFetchResultField...

7.1CVSS6.3AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

CVE-2026-50124 DataEase: Remote Code Execution (RCE) via Zip Protocol & File Dropper

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where...

7.1CVSS6.3AI score0.00322EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-50124 DataEase: Remote Code Execution (RCE) via Zip Protocol & File Dropper

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where...

7.1CVSS0.00322EPSS
Exploits0References4
Rows per page
Query Builder