69 matches found
PT-2024-16591 · WordPress · Buy One Click Woocommerce Plugin
Name of the Vulnerable Software and Affected Versions: Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 Description: The issue arises from a missing capability check on the buy one click export options AJAX action, allowing authenticated attackers with...
CVE-2024-42966
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...
TOTOLINK LR350 安全漏洞
TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 suffers from an Access Control Error vulnerability that originates from an Access Control Error vulnerability contained in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...
TOTOLINK N350RT 安全漏洞
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from an Access Control Error vulnerability that originates from an Access Control Error vulnerability contained in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability ar...
CVE-2024-7156
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack m...
PT-2024-38118 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A vulnerability was found in the apmib Configuration Handler component, specifically affecting some unknown functionality of the file /cgi-bin/ExportSettings.sh. This issue leads to...
PT-2024-28264 · Wavlink · Wavlink Wn551K1
Name of the Vulnerable Software and Affected Versions: Wavlink WN551K1 affected versions not specified Description: The issue allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. Recommendations: At the moment, there is no information about a newer...
CVE-2024-5665
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress plugin Login/Signup Popup ( Inline Form + Woocommerce) security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
Unspecified vulnerability in TOTOLINK EX200 ExportSettings.sh file
TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A security vulnerability exists in the TOTOLINK EX200, which stems from improper privilege...
CVE-2024-31815
In TOTOLINK EX200 V4.0.3c.7314B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...
CVE-2024-1340
The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateexportfile function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and...
CVE-2024-22543
An issue was discovered in Linksys Router E1700 1.0.04 build 3, allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/ URI or via the ExportSettings function...
Linksys E1700 Security Breach
Linksys E1700 is a wireless router from Linksys USA. A security vulnerability exists in Linksys E1700 version 1.0.04. An attacker can exploit the vulnerability to escalate privileges via a specially crafted GET request to the /goform/ URI or via the ExportSettings function...
CVE-2023-6496
The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the cardfamneexportsettings function. This makes it possible for unauthenticated attackers to obtain plugin settings...
PT-2024-14974 · WordPress · Manage Notification E-Mails Plugin
Name of the Vulnerable Software and Affected Versions: Manage Notification E-mails plugin for WordPress versions up to, and including, 1.8.5 Description: The issue concerns Missing Authorization, allowing unauthenticated attackers to obtain plugin settings via the card famne export settings...
WordPress Plugin WooCommerce Dynamic Pricing and Discounts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2020-36736
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...
Cross site request forgery (csrf)
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...
WordPress Plugin Import / Export Customizer Settings 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...