101 matches found
WordPress 插件 SQL注入漏洞
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Meta plugin is an application plugin for WordPress. A SQL injection vulnerability exists in the WordPress Export Users...
WordPress Export Users With Meta plugin <= 0.6.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Asif Nawaz Minhas in WordPress Export Users With Meta plugin versions = 0.6.4. Solution Update the WordPress Export Users With Meta plugin to the latest available version at least 0.6.5...
Export Users With Meta < 0.6.5 - Authenticated SQL Injection
The plugin did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. POST /wp-admin/users.php?page=uewmsettings HTTP/1.1 Accept:...
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...
Design/Logic Flaw
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection...
CVE-2020-9466
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection...
CVE-2020-9466
CVE-2020-9466 affects the WordPress plugin Export Users to CSV (≤1.4.2). An attacker who can register as a subscriber can inject CSV payloads into user-details fields; when an authenticated admin exports user data to CSV and opens it, the payload can execute (e.g., redirections to malicious sites...
Export Users to CSV <= 1.4.2 - CSV Injection
An attacker can register themselves as a subscriber in a WordPress website and provide malicious payloads formula into the user account details field. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and open it, the payload ge...
Export Users to CSV <= 1.4.2 - CSV Injection
An attacker can register themselves as a subscriber in a WordPress website and provide malicious payloads formula into the user account details field. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and open it, the payload ge...
WordPress Export Users to CSV plugin <= 1.4.2 - CSV Injection vulnerability
CSV Injection vulnerability found by Jinson Varghese Behanan in WordPress Export Users to CSV plugin versions = 1.4.2. Solution 2020 Feb. 26 - no patched version available...
PT-2019-6281 · WordPress · Wp Users Exporter
Name of the Vulnerable Software and Affected Versions: WP Users Exporter plugin for WordPress versions up to, and including, 1.4.2 Description: The issue is related to CSV Injection via the 'Export Users' functionality, allowing authenticated attackers to embed untrusted input into profile...
Import users from CSV with meta <= 1.14.0.2 - XSS and CSRF
The Import and export users and customers WordPress plugin was affected by a XSS and CSRF security vulnerability...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
Design/Logic Flaw
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
CVE-2018-15571
The CVE-2018-15571 entry concerns the WordPress Export Users to CSV plugin (versions up to 1.1.1). The connected documents confirm a CSV injection vulnerability in the plugin, enabling an attacker to craft CSV fields that execute commands when a CSV file is opened by a user with sufficient privil...
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link:...
Wordpress Export Users to CSV 1.1.1 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version:...
Export Users to CSV <= 1.1.1 - CSV Injection
WordPress Export users to CSV plugin version 1.1.1. and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of his profile and these commands are executed when a user with greater privilege...
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...