Lucene search
+L

51 matches found

cnnvd
cnnvd
added 2023/12/18 12:0 a.m.6 views

WordPress Plugin WP All Export Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS7.8AI score0.0055EPSS
Exploits2References2
osv
osv
added 2023/12/06 11:15 p.m.3 views

CVE-2023-46354

In the module "Orders CSV, Excel Export PRO" ordersexport 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information fro...

7.5CVSS5.8AI score0.0059EPSS
Exploits0References1
attackerkb
attackerkb
added 2023/12/06 11:15 p.m.4 views

CVE-2023-46354

In the module "Orders CSV, Excel Export PRO" ordersexport 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information fro...

7.5CVSS5.8AI score0.0059EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/12/06 12:0 a.m.4 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Orders CSV, Excel Export PRO prior to version 5.2.0. The vulnerability...

7.5CVSS7.5AI score0.0059EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/12/06 12:0 a.m.5 views

PT-2023-29974 · Prestashop · Orders (Csv

Name of the Vulnerable Software and Affected Versions: Orders CSV, Excel Export PRO module for PrestaShop versions prior to 5.2.0 Description: The issue allows a guest to download personal information without restriction due to a lack of permissions control. This can lead to a leak of personal...

7.5CVSS7.4AI score0.0059EPSS
Exploits0References3
cve
cve
added 2023/12/06 12:0 a.m.37 views

CVE-2023-46354

The CVE-2023-46354 entry concerns PrestaShop’s Orders (CSV, Excel) Export PRO module (ordersexport)

7.5CVSS7.2AI score0.0059EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2023/11/24 12:0 a.m.16 views

WordPress WP ALL Export Pro Plugin < 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP ALL Export Pro Type Plugin Vulnerable versions 1.8.6 Fixed in 1.8.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5886 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID e2621499c15e Credits Alex Sanford Require...

8.8CVSS7AI score0.0055EPSS
Exploits2References2Affected Software1
patchstack
patchstack
added 2023/11/24 12:0 a.m.12 views

WordPress WP ALL Export Pro Plugin < 1.8.6 is vulnerable to Remote Code Execution (RCE)

Software WP ALL Export Pro Type Plugin Vulnerable versions 1.8.6 Fixed in 1.8.6 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-4724 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 62d42aeded33 Credits Francesco Marano @mrnfrancesco Donato ...

7.2CVSS7.6AI score0.01151EPSS
Exploits2References3Affected Software1
patchstack
patchstack
added 2023/11/24 12:0 a.m.20 views

WordPress WP ALL Export Pro Plugin < 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP ALL Export Pro Type Plugin Vulnerable versions 1.8.6 Fixed in 1.8.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5882 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 7b07ed7b5d69 Credits Francesco Marano...

8.8CVSS7AI score0.0055EPSS
Exploits2References3Affected Software1
attackerkb
attackerkb
added 2023/11/17 2:15 a.m.5 views

CVE-2023-45387

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...

9.8CVSS7.3AI score0.00714EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/11/17 12:0 a.m.7 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Product Catalog CSV, Excel, XML Export PRO 5.0.0 and...

9.8CVSS7.9AI score0.00714EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/11/17 12:0 a.m.14 views

CVE-2023-45387

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...

7.9AI score0.00714EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/11/17 12:0 a.m.6 views

PT-2023-29543 · Prestashop · Product Catalog (Csv

Name of the Vulnerable Software and Affected Versions: PrestaShop module "Product Catalog CSV, Excel, XML Export PRO" versions prior to 5.0.0 Description: The issue allows a guest to perform SQL injection via the exportProduct:: addDataToDb function. Recommendations: For versions prior to 5.0.0,...

9.8CVSS9.8AI score0.00714EPSS
Exploits0References3
cvelist
cvelist
added 2023/11/17 12:0 a.m.27 views

CVE-2023-45387

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...

10AI score0.00714EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/10/25 6:17 p.m.7 views

CVE-2023-46346

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in...

7.5CVSS5.7AI score0.00798EPSS
Exploits0References2
osv
osv
added 2023/10/25 6:17 p.m.5 views

CVE-2023-46346

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in...

7.5CVSS5.7AI score0.00798EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/10/25 12:0 a.m.4 views

PrestaShop Path Traversal Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Product Catalog CSV, Excel, XML Export PRO 4.1.1 and...

7.5CVSS6.8AI score0.00798EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/10/24 12:0 a.m.5 views

PT-2023-29967 · Unknown · Product Catalog (Csv

Name of the Vulnerable Software and Affected Versions: Product Catalog CSV, Excel, XML Export PRO versions up to 4.1.1 Description: A path traversal attack can be performed by a guest to download personal information without restriction. This is due to a lack of permissions control and a lack of...

7.5CVSS6.8AI score0.00798EPSS
Exploits0References4
nvd
nvd
added 2022/10/25 5:15 p.m.25 views

CVE-2022-3394

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.2CVSS0.01307EPSS
Exploits2References1
prion
prion
added 2022/10/25 5:15 p.m.21 views

Code injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

5.8CVSS7.2AI score0.01307EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder