CVE-2026-7641 Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

EUVD-2026-14256

The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'saveextrauserprofilefields' function not properly restricting which user meta keys can be updated via profile fields. The...

WordPress WP All Export plugin <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability

Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability discovered by Vincent Theriault-Laine in WordPress Plugin Export any WordPress data to XML/CSV versions = 1.4.14...

WordPress Import and export users and customers plugin <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by quanhx in WordPress Plugin Import and export users and customers versions = 1.26.6.1...

CVE-2025-14050 Design Import/Export <= 2.2 - Authenticated (Administrator+) SQL Injection via XML File Import

The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Malicious code in @posthog/snowflake-export-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64fb205150fc65f2334ab9ca1530bec4ef2d4dfea99ca328bfda4c70063ed793 The package @posthog/snowflake-export-plugin was found to contain malicious code. Source: google-open-source-security...

EUVD-2025-198932

Malicious code in @posthog/snowflake-export-plugin npm...

CVE-2025-13133

The CVE-2025-13133 entry concerns the WordPress plugin Simple User Import Export (versions

CVE-2025-12389

The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesetting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...

EUVD-2017-11956

Malware in sbrugna...

EUVD-2015-5562

Malware in sbrugna...

EUVD-2023-35406

Malicious code in bioql PyPI...

EUVD-2025-6803

Malicious code in bioql PyPI...

EUVD-2024-51694

Malicious code in bioql PyPI...

CVE-2025-58256

CVE-2025-58256 relates to DOAJ Export (WordPress plugin) and is an Stored XSS vulnerability due to improper input neutralization during web page generation, affecting DOAJ Export versions up to 1.0.4 (no mitigation/fix details provided in the supplied documents). Exploitation details and fixes ar...

CVE-2024-4656

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-1340

The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateexportfile function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and...

CVE-2024-9377

The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...

CVE-2024-13623

The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads...

WordPress plugin Order Export & Order Import for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...