51 matches found
WordPress Plugin WP All Export Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-46354
In the module "Orders CSV, Excel Export PRO" ordersexport 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information fro...
CVE-2023-46354
In the module "Orders CSV, Excel Export PRO" ordersexport 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information fro...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Orders CSV, Excel Export PRO prior to version 5.2.0. The vulnerability...
PT-2023-29974 · Prestashop · Orders (Csv
Name of the Vulnerable Software and Affected Versions: Orders CSV, Excel Export PRO module for PrestaShop versions prior to 5.2.0 Description: The issue allows a guest to download personal information without restriction due to a lack of permissions control. This can lead to a leak of personal...
CVE-2023-46354
The CVE-2023-46354 entry concerns PrestaShop’s Orders (CSV, Excel) Export PRO module (ordersexport)
WordPress WP ALL Export Pro Plugin < 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP ALL Export Pro Type Plugin Vulnerable versions 1.8.6 Fixed in 1.8.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5886 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID e2621499c15e Credits Alex Sanford Require...
WordPress WP ALL Export Pro Plugin < 1.8.6 is vulnerable to Remote Code Execution (RCE)
Software WP ALL Export Pro Type Plugin Vulnerable versions 1.8.6 Fixed in 1.8.6 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-4724 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 62d42aeded33 Credits Francesco Marano @mrnfrancesco Donato ...
WordPress WP ALL Export Pro Plugin < 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP ALL Export Pro Type Plugin Vulnerable versions 1.8.6 Fixed in 1.8.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5882 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 7b07ed7b5d69 Credits Francesco Marano...
CVE-2023-45387
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Product Catalog CSV, Excel, XML Export PRO 5.0.0 and...
CVE-2023-45387
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...
PT-2023-29543 · Prestashop · Product Catalog (Csv
Name of the Vulnerable Software and Affected Versions: PrestaShop module "Product Catalog CSV, Excel, XML Export PRO" versions prior to 5.0.0 Description: The issue allows a guest to perform SQL injection via the exportProduct:: addDataToDb function. Recommendations: For versions prior to 5.0.0,...
CVE-2023-45387
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...
CVE-2023-46346
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in...
CVE-2023-46346
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in...
PrestaShop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Product Catalog CSV, Excel, XML Export PRO 4.1.1 and...
PT-2023-29967 · Unknown · Product Catalog (Csv
Name of the Vulnerable Software and Affected Versions: Product Catalog CSV, Excel, XML Export PRO versions up to 4.1.1 Description: A path traversal attack can be performed by a guest to download personal information without restriction. This is due to a lack of permissions control and a lack of...
CVE-2022-3394
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...
Code injection
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...