Lucene search
K

41 matches found

Cvelist
Cvelist
added 5 days ago38 views

CVE-2026-12103 Wallet for WooCommerce <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) User/Email Enumeration via terawallet_export_user_search AJAX Action

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00286EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56957

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/30 9:4 a.m.10 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/30 7:16 a.m.11 views

CVE-2026-12240

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8CVSS0.00341EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 6:52 a.m.10 views

EUVD-2026-40260

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8CVSS6.5AI score0.00341EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 6:52 a.m.24 views

CVE-2026-12240

The CVE-2026-12240 entry concerns the WordPress Export User Data plugin (up to version 2.2.6). Affected component: the unserialize path validation in the plugin allows an authenticated subscriber+ to trigger arbitrary file deletions on the server by exporting user data, with a crafted serialized ...

8CVSS6.5AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.16 views

PT-2026-53816

Name of the Vulnerable Software and Affected Versions Export User Data versions prior to 2.2.7 Description Insufficient file path validation in the unserialize function allows authenticated attackers with subscriber-level access or higher to delete arbitrary files on the server. This occurs when ...

8CVSS6.4AI score0.00341EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 10:46 a.m.51 views

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2CVSS0.00349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.65 views

PT-2026-42142

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2CVSS5.8AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-11138

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-25399

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00287EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/22 8:26 p.m.13 views

CVE-2025-9241

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

6.5CVSS7.5AI score0.00287EPSS
Exploits1References1
CVE
CVE
added 2025/08/20 7:32 p.m.28 views

CVE-2025-9241

CVE-2025-9241 affects elunez eladmin up to version 2.7. The vulnerability resides in the exportUser function, which does not escape/export CSV content, enabling CSV injection. Exploitation can be remote and public exploits exist. Multiple connected sources corroborate the issue and identify the s...

7.5CVSS6.6AI score0.00287EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/08/20 7:32 p.m.6 views

CVE-2025-9241 elunez eladmin exportUser csv injection

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

5.3CVSS6.3AI score0.00287EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/08/20 7:32 p.m.19 views

CVE-2025-9241 elunez eladmin exportUser csv injection

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

6.5CVSS7.5AI score0.00287EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/20 7:32 p.m.40 views

CVE-2025-9241 elunez eladmin exportUser csv injection

A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited...

6.5CVSS0.00287EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.8 views

ELADMIN 安全漏洞

ELADMIN is a backend management system for elunez personal developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from the exportUser function not escaping and filtering exported CSV content, which allows remote attackers to inject malicious CSV loads...

7.5CVSS6.8AI score0.00287EPSS
Exploits1References5
OSV
OSV
added 2025/08/05 5:13 p.m.7 views

GHSA-57Q2-6CP4-9MQ3 XWiki exposes passwords and emails stored in fields not named password/email in xml.vm

Impact The XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This allows any user to obtain the salted and hashed user accou...

8.7CVSS6.3AI score0.01285EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.9 views

CVE-2024-3039

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml1,concat0x3f,md5123456,0x3f,1=1 leads to sql injection. It is...

9.8CVSS7.7AI score0.00698EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.8 views

CVE-2023-27890

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

5.4CVSS6.3AI score0.00637EPSS
Exploits1References1
Rows per page
Query Builder