Lucene search
K

101 matches found

CNNVD
CNNVD
added 2021/07/06 12:0 a.m.6 views

WordPress 插件 SQL注入漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Meta plugin is an application plugin for WordPress. A SQL injection vulnerability exists in the WordPress Export Users...

7.2CVSS6AI score0.01416EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.28 views

WordPress Export Users With Meta plugin <= 0.6.4 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Asif Nawaz Minhas in WordPress Export Users With Meta plugin versions = 0.6.4. Solution Update the WordPress Export Users With Meta plugin to the latest available version at least 0.6.5...

7.2CVSS3.1AI score0.01416EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/06/21 12:0 a.m.734 views

Export Users With Meta < 0.6.5 - Authenticated SQL Injection

The plugin did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. POST /wp-admin/users.php?page=uewmsettings HTTP/1.1 Accept:...

7.2CVSS1AI score0.01416EPSS
Exploits2
OSV
OSV
added 2020/11/04 5:15 p.m.5 views

CVE-2020-22277

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...

8CVSS7.3AI score0.01827EPSS
Exploits1References3
Prion
Prion
added 2020/02/28 8:15 p.m.16 views

Design/Logic Flaw

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection...

5.8CVSS6.3AI score0.01318EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/02/28 7:42 p.m.23 views

CVE-2020-9466

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection...

6.4AI score0.01318EPSS
Exploits1References3
CVE
CVE
added 2020/02/28 7:42 p.m.138 views

CVE-2020-9466

CVE-2020-9466 affects the WordPress plugin Export Users to CSV (≤1.4.2). An attacker who can register as a subscriber can inject CSV payloads into user-details fields; when an authenticated admin exports user data to CSV and opens it, the payload can execute (e.g., redirections to malicious sites...

6.1CVSS6.3AI score0.01318EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/26 12:0 a.m.16 views

Export Users to CSV <= 1.4.2 - CSV Injection

An attacker can register themselves as a subscriber in a WordPress website and provide malicious payloads formula into the user account details field. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and open it, the payload ge...

5.8CVSS1.3AI score0.01318EPSS
Exploits1References2Affected Software1
wpexploit
wpexploit
added 2020/02/26 12:0 a.m.22 views

Export Users to CSV <= 1.4.2 - CSV Injection

An attacker can register themselves as a subscriber in a WordPress website and provide malicious payloads formula into the user account details field. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and open it, the payload ge...

5.8CVSS0.1AI score0.01318EPSS
Exploits1References2
Patchstack
Patchstack
added 2020/02/26 12:0 a.m.8 views

WordPress Export Users to CSV plugin <= 1.4.2 - CSV Injection vulnerability

CSV Injection vulnerability found by Jinson Varghese Behanan in WordPress Export Users to CSV plugin versions = 1.4.2. Solution 2020 Feb. 26 - no patched version available...

3AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/12/30 12:0 a.m.6 views

PT-2019-6281 · WordPress · Wp Users Exporter

Name of the Vulnerable Software and Affected Versions: WP Users Exporter plugin for WordPress versions up to, and including, 1.4.2 Description: The issue is related to CSV Injection via the 'Export Users' functionality, allowing authenticated attackers to embed untrusted input into profile...

8.8CVSS8.4AI score0.01053EPSS
Exploits1References7
WPVulnDB
WPVulnDB
added 2019/03/14 12:0 a.m.24 views

Import users from CSV with meta <= 1.14.0.2 - XSS and CSRF

The Import and export users and customers WordPress plugin was affected by a XSS and CSRF security vulnerability...

6.8CVSS3.6AI score0.00932EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/08/28 5:29 p.m.16 views

CVE-2018-15571

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...

8.6CVSS8.8AI score0.01498EPSS
Exploits1References2
Prion
Prion
added 2018/08/28 5:29 p.m.15 views

Design/Logic Flaw

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...

6.8CVSS8.8AI score0.01498EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/08/28 5:0 p.m.18 views

CVE-2018-15571

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...

8.8AI score0.01498EPSS
Exploits1References2
CVE
CVE
added 2018/08/28 5:0 p.m.48 views

CVE-2018-15571

The CVE-2018-15571 entry concerns the WordPress Export Users to CSV plugin (versions up to 1.1.1). The connected documents confirm a CSV injection vulnerability in the plugin, enabling an attacker to craft CSV fields that execute commands when a CSV file is opened by a user with sufficient privil...

8.6CVSS8.7AI score0.01498EPSS
Exploits1References2Affected Software1
exploitpack
exploitpack
added 2018/08/16 12:0 a.m.20 views

WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection

WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/08/16 12:0 a.m.34 views

Wordpress Export Users to CSV 1.1.1 Plugin - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version:...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2018/08/16 12:0 a.m.14 views

Export Users to CSV <= 1.1.1 - CSV Injection

WordPress Export users to CSV plugin version 1.1.1. and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of his profile and these commands are executed when a user with greater privilege...

6.8CVSS1.1AI score0.01498EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2018/08/16 12:0 a.m.27 views

WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection

Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...

7.4AI score
Exploits0
Rows per page
Query Builder