Lucene search
K

170 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-13430

The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...

7.2CVSS0.00615EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-13430

The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...

7.2CVSS6.6AI score0.00615EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-13430 Post Export Import with Media <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload via Trailing-Dot Filename Bypass in ZIP Media Import

The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...

7.2CVSS0.00615EPSS
Exploits0References7
Patchstack
Patchstack
added 5 days ago8 views

WordPress Post Export Import with Media plugin <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by ? in WordPress Plugin Post Export Import with Media versions = 1.13.1...

7.2CVSS5.9AI score0.00615EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:6 p.m.14 views

WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability

Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...

5.3CVSS5.5AI score0.0027EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.3CVSS5.5AI score0.0027EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 2:19 p.m.10 views

WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...

4.9CVSS5.5AI score0.00646EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 1:35 p.m.10 views

WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection vulnerability

Authenticated Administrator+ PHP Object Injection vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...

6.6CVSS5.5AI score0.0045EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/04 7:16 a.m.22 views

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.3CVSS0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 6:0 a.m.37 views

CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 6:0 a.m.6 views

CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.8AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36778

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.8AI score0.0027EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/04/18 11:22 p.m.18 views

curl: Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy

Summary: curleasysslsexport iterates the SSL session list and invokes a caller-provided callback for each entry. If that callback calls curleasysslsimport on the same easy handle, the import path can evict and free the current session node while the export loop still holds it. The subsequent...

5.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/21 10:37 a.m.5 views

CVE-2026-1787 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...

4.8CVSS5.4AI score0.0023EPSS
Exploits0References3
CVE
CVE
added 2026/02/21 10:37 a.m.21 views

CVE-2026-1787

CVE-2026-1787 affects LearnPress Export Import (WordPress) up to version 4.1.0, due to a missing capability check in delete_migrated_data that allows unauthenticated attackers to delete courses migrated from Tutor LMS (Tutor LMS must be installed/activated). Connected sources indicate remediation...

4.8CVSS5.6AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/21 10:37 a.m.24 views

CVE-2026-1787 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...

4.8CVSS0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.9 views

PT-2026-21374

Name of the Vulnerable Software and Affected Versions LearnPress Export Import versions up to and including 4.1.0 Description The LearnPress Export Import WordPress extension for the LearnPress plugin is affected by a flaw that allows unauthorized data loss. A missing capability check within the...

4.8CVSS5.3AI score0.0023EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.12 views

WordPress plugin LearnPress Export Import – WordPress extension for LearnPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.8CVSS5.8AI score0.0023EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/20 5:21 p.m.6 views

CVE-2026-22850

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

8.3CVSS6.3AI score0.00411EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/19 4:51 p.m.21 views

CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

8.3CVSS0.00411EPSS
Exploits1References3
Rows per page
Query Builder