170 matches found
CVE-2026-13430
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...
CVE-2026-13430
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...
CVE-2026-13430 Post Export Import with Media <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload via Trailing-Dot Filename Bypass in ZIP Media Import
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...
WordPress Post Export Import with Media plugin <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by ? in WordPress Plugin Post Export Import with Media versions = 1.13.1...
WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability
Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...
CVE-2026-5335
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability
Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...
WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection vulnerability
Authenticated Administrator+ PHP Object Injection vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...
CVE-2026-5335
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
PT-2026-36778
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
curl: Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy
Summary: curleasysslsexport iterates the SSL session list and invokes a caller-provided callback for each entry. If that callback calls curleasysslsimport on the same easy handle, the import path can evict and free the current session node while the export loop still holds it. The subsequent...
CVE-2026-1787 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...
CVE-2026-1787
CVE-2026-1787 affects LearnPress Export Import (WordPress) up to version 4.1.0, due to a missing capability check in delete_migrated_data that allows unauthenticated attackers to delete courses migrated from Tutor LMS (Tutor LMS must be installed/activated). Connected sources indicate remediation...
CVE-2026-1787 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletemigrateddata' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attacker...
PT-2026-21374
Name of the Vulnerable Software and Affected Versions LearnPress Export Import versions up to and including 4.1.0 Description The LearnPress Export Import WordPress extension for the LearnPress plugin is affected by a flaw that allows unauthorized data loss. A missing capability check within the...
WordPress plugin LearnPress Export Import – WordPress extension for LearnPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...