
70 matches found

OSV
added 2023/12/18 8:15 p.m. · 3 views

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

CVSS 7.2 · AI score 5.9 · EPSS 0.01015
Exploits 2 · References 1
Packet Storm
added 2023/12/15 12:00 a.m. · 965 views

PKP-WAL 3.4.0-3 Remote Code Execution

PKP-WAL getDeployment; 103. 104. $context = $deployment-getContext; 105. 106. $locale = $node-getAttribute'locale'; 107. if empty$locale 108. $locale = $context-getPrimaryLocale; 109. 110. 111. $coverImagelocale = ;...

CVSS 5.3 · AI score 7.4 · EPSS 0.00123
Exploits 2
Patchstack
added 2023/11/24 12:00 a.m. · 30 views

WordPress Export any WordPress data to XML/CSV Plugin < 1.4.0 is vulnerable to Remote Code Execution (RCE)

Software: Export any WordPress data to XML/CSV · Type: Plugin · Vulnerable versions: < 1.4.0 · Fixed in: 1.4.0 · OWASP Top 10: A3: Injection · Classification: Remote Code Execution (RCE) · CVE: CVE-2023-4724 · Patch priority: Low · CVSS severity: Low 9.1 · PSID: 6a309d1d1825 · Credits: Francesco Marano...

CVSS 7.2 · AI score 7.6 · EPSS 0.01015
Exploits 2 · References 4 · Affected Software 1
OSV
added 2023/11/14 9:15 p.m. · 1 views

CVE-2023-47547

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions...

CVSS 6.1 · AI score 7.3
Exploits 0 · References 1
ATTACKERKB
added 2023/11/06 12:15 a.m. · 1 views

CVE-2023-47271

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

CVSS 5.3 · AI score 6 · EPSS 0.00123
Exploits 2 · References 4
NVD
added 2023/11/06 12:15 a.m. · 17 views

CVE-2023-47271

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

CVSS 5.3 · AI score 5.3 · EPSS 0.00123
Exploits 2 · References 3
Prion
added 2023/11/06 12:15 a.m. · 19 views

Design/Logic Flaw

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

CVSS 5 · AI score 7.1 · EPSS 0.00123
Exploits 2 · References 3 · Affected Software 1
Positive Technologies
added 2023/11/05 12:00 a.m. · 3 views

PT-2023-30402 · Pkp-Wal · Pkp-Wal

Name of the Vulnerable Software and Affected Versions: PKP-WAL versions prior to 3.3.0-16; PKP-WAL versions prior to 3.4.0-3. Description: The issue arises from the failure to verify that a file named in an XML document, used for the native import/export plugin, is an image file before attempting t...

CVSS 5.3 · AI score 5.7 · EPSS 0.00123
Exploits 2 · References 10
Patchstack
added 2023/10/25 12:00 a.m. · 15 views

WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Export WP Page to Static HTML/CSS · Type: Plugin · Vulnerable versions: <= 2.1.9 · Fixed in: 2.2.0 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-31077 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: 3a34d8e80f8d · Credits...

CVSS 8.8 · AI score 6.6 · EPSS 0.0007
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/06/27 9:15 a.m. · 14 views

Server-side request forgery (SSRF)

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks...

CVSS 6 · AI score 6.8 · EPSS 0.00723
Exploits 2 · References 1 · Affected Software 1
CNVD
added 2022/06/15 12:00 a.m. · 16 views

WordPress Export any WordPress data to XML/CSV plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.2 · AI score 7.3 · EPSS 0.0062
Exploits 2 · References 1
ATTACKERKB
added 2022/05/16 3:15 p.m. · 3 views

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

CVSS 6.8 · AI score 5.8 · EPSS 0.00337
Exploits 1 · References 3
UbuntuCve
added 2022/05/16 3:15 p.m. · 28 views

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

CVSS 6.8 · AI score 6.6 · EPSS 0.00337
Exploits 1 · References 3
CNVD
added 2022/05/07 12:00 a.m. · 25 views

WordPress Import and export users and customers plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Import and export users and customers plugin...

CVSS 4.8 · AI score 1.5 · EPSS 0.00203
Exploits 2 · References 1
OSV
added 2022/01/18 5:15 p.m. · 2 views

CVE-2022-0236

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVSS 7.5 · AI score 7 · EPSS 0.3739
Exploits 2 · References 3
CNNVD
added 2022/01/18 12:00 a.m. · 6 views

WordPress Security Vulnerability

WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin Import Export plugin that stems from a missing function check in the download function wpieprocessfiledownload in the /includes/classes/class-wpie-general.php file. An...

CVSS 7.5 · AI score 7.3 · EPSS 0.3739
Exploits 2 · References 4
Patchstack
added 2021/10/06 12:00 a.m. · 9 views

WordPress Export any WordPress data to XML/CSV plugin <= 1.3.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Huy Nguyen in WordPress Export any WordPress data to XML/CSV plugin versions <= 1.3.0. Solution: Update the WordPress Export any WordPress data to XML/CSV plugin to the latest available version (at least 1.3.1)...

CVSS 4.8 · AI score 1.2 · EPSS 0.00206
Exploits 2 · References 3 · Affected Software 1
Cvelist
added 2020/11/04 4:57 p.m. · 13 views

CVE-2020-22277

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...

AI score 8 · EPSS 0.01097
Exploits 1 · References 3
Prion
added 2019/08/23 9:15 p.m. · 11 views

Design/Logic Flaw

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the userurl, displayname, firstname, and lastname columns in an exported CSV file created by the WFCustomerImpExpCsvExporter class...

CVSS 6 · AI score 7.3 · EPSS 0.08268
Exploits 5 · References 3 · Affected Software 1
Patchstack
added 2018/06/22 12:00 a.m. · 24 views

WordPress Comments Import & Export plugin <= 2.3.1 - CSV Injection vulnerability

CSV Injection vulnerability found by Bhushan B. Patil in WordPress Comments Import & Export plugin versions <= 2.0.5. No fully patched version available...

CVSS 7.8 · AI score 3.9 · EPSS 0.0213
Exploits 5 · References 1 · Affected Software 1