28 matches found
CVE-2025-14508
The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload_files capabilit...
EUVD-2025-203211
The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload_files capabilit...
CVE-2025-14508
The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload_files capabilit...
CVE-2025-14508 MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion
The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload_files capabilit...
CVE-2025-14508
CVE-2025-14508 : MediaCommander for WordPress allows unauthorized data deletion via the REST API endpoint import-csv due to a missing capability check. The endpoint uses an upload_files (Author-level) check for a destructive operation, enabling authenticated users with Author-level access or high...
WordPress plugin MediaCommander – Bring Folders to Media, Posts, and Pages security vulnerability
PT-2025-51079
The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload_files capabili...
WordPress Plugin Customer Reviews for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2022-2146
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and lacks a CSRF check when performing such an action as well, resulting in a Reflected Cross-Site Scripting...
CVE-2022-2146
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and lacks a CSRF check when performing such an action as well, resulting in a Reflected Cross-Site Scripting...
CVE-2022-2146 Import CSV Files <= 1.0 - Reflected Cross-Site Scripting
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and lacks a CSRF check when performing such an action as well, resulting in a Reflected Cross-Site Scripting...
CVE-2022-2146
Technical details about CVE-2022-2146 are not publicly available in the provided connected documents. Monitor for updates from vendors and security bulletins.
WordPress plugin Import CSV Files cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Import CSV Files plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Benachi in WordPress Import CSV Files plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of June 16, 2022 and is not available for download. This closure is temporary, pending a full review...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17217)
Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/import-csv.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability stems fro...
CVE-2020-10412
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/import-csv.php by adding a question mark ? followed by the payload...
PT-2020-12082 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/import-csv.php. This can be achieved by adding a question mark ? followed by the...
CVE-2018-20101
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell...
CVE-2018-17408
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu...
WordPress Easy2Map plugin path traversal vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on a server running PHP and MySQL. Easy2Map is a plugin that supports creating customized Google Maps. A path traversal vulnerability exists in...