103 matches found
GHSA-496G-MMPW-J9X3 misskey.js's export data contains private post data
Summary After adding private posts followers, direct that you do not have permission to view to your favorites or clips, you can export them to view the contents of the private posts. PoC 1. Create an account X for testing and an account Y for private posts on the same server. 2. Send appropriate...
misskey.js's export data contains private post data
Summary After adding private posts followers, direct that you do not have permission to view to your favorites or clips, you can export them to view the contents of the private posts. PoC 1. Create an account X for testing and an account Y for private posts on the same server. 2. Send appropriate...
CVE-2025-14159 Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
CVE-2025-42891
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
CVE-2025-42891
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
CVE-2025-13528
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handleexport' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or...
CVE-2025-13528
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handleexport' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or...
CVE-2025-13528
CVE-2025-13528 concerns the WordPress plugin Feedback Modal for Website (WordPress plugin). The vulnerability is an unauthenticated data export exposure via the export_data parameter caused by a missing capability check on the handle_export function in all versions up to and including 1.0.1. Mult...
EUVD-2025-201363
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handleexport' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or...
PT-2025-49215
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle export' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV o...
CVE-2025-13606
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...
CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...
CVE-2025-13606
The WordPress plugin WP Ultimate Exporter (Export All Posts, Products, Orders, Refunds & Users) is affected by Cross‑Site Request Forgery up to version 2.19 due to missing or incorrect nonce validation in parseData, enabling unauthenticated attackers to exfiltrate sensitive data (including user d...
CVE-2025-12894
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...
CVE-2025-12894
CVE-2025-12894 affects the WordPress Import WP plugin (
PT-2025-47698
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated...
EUVD-2025-179382
Malicious code in decode-export-data-cold-error npm...
EUVD-2025-11511
Malicious code in bioql PyPI...
EUVD-2022-27270
Malicious code in bioql PyPI...
EUVD-2022-44807
Malicious code in bioql PyPI...