Sql injection
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection...
Code injection
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit...
Cross site scripting
The wp-all-import plugin before 3.4.6 for WordPress has XSS...
CVE-2018-20978
CVE-2018-20978 affects the WordPress wp-all-import plugin for versions prior to 3.4.7. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient validation of client-supplied data in the plugin, enabling an attacker to run malicious script in a victim’s browser. Public records...
CVE-2017-18567
The wp-all-import plugin before 3.4.6 for WordPress has XSS...
CVE-2017-18567
CVE-2017-18567 affects the WordPress wp-all-import plugin prior to 3.4.6, where an XSS vulnerability exists in input handling due to lack of proper validation of client-side data. This could allow attacker-controlled script execution when processing imported XML/CSV data. A fix is available in ve...
CVE-2015-9329
The CVE-2015-9329 entry concerns the WordPress plugin wp-all-import. It states that versions before 3.2.5 are vulnerable to reflected XSS. Product: WordPress plugin wp-all-import; Impact: user input reflected in responses leading to XSS; Root cause: improper sanitization/escaping in the affecte...
CVE-2015-9330
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection...
CVE-2015-9330
The CVE-2015-9330 entry concerns the WordPress plugin wp-all-import, with a blind SQL injection vulnerability reported in versions before 3.2.5. Public sources (NVD, Red Hat, CNVD, CVE lists) consistently describe a SQL injection flaw in this plugin, aligned with a high/critical risk profile (CVS...
CVE-2015-9331
The CVE-2015-9331 flaw affects the WordPress plugin WP All Import, specifically versions up to 3.2.3 (CVE references also note
CVE-2016-10914
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file...
CORS-Vulnerable-Lab: vulnerable code range for CORS configuration errors - vulnerability warning - the black bar safety net
This repository contains vulnerable code related to CORS configuration errors. You can configure the vulnerable code on your local machine and work hands-on with CORS-related misconfiguration issues. In this case, I would first like to thank @albinowax, AKReddy, and Vivek...
Cross-site scripting in Apache Ranger
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix...
CVE-2017-18510
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions...
CVE-2019-14948
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...
Exploit for Code Injection in Apache Solr
Declaration The vulnerability detection methods, documentat...
WordPress Import users from CSV with meta plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Import users from CSV with meta is a plugin used for importing users. A cross-site request forgery vulnerability exists in the...
PT-2019-13885 · Woocommerce · Woocommerce Product Add-Ons
Name of the Vulnerable Software and Affected Versions: woocommerce-product-addon plugin version prior to 18.4 Description: The issue allows for XSS via an import of a new meta data structure. Recommendations: For versions prior to 18.4, update to version 18.4 or later to resolve the issue...
FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)
Gitlab reports: GitHub Integration SSRF; Trigger Token Impersonation; Build Status Disclosure; SSRF Mitigation Bypass; Information Disclosure New Issue ID; IDOR Label Name Enumeration; Persistent XSS Wiki Pages; User Revocation Bypass with Mattermost Integration; Arbitrary File Upload via Import Project...
CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF...