Lucene search
K

88 matches found

NVD
NVD
added 2019/08/22 8:15 p.m.20 views

CVE-2019-15328

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS...

6.1CVSS6.4AI score0.00932EPSS
Exploits0References2
OSV
OSV
added 2019/08/22 8:15 p.m.4 views

CVE-2019-15327

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References1
Prion
Prion
added 2019/08/22 8:15 p.m.16 views

Cross site request forgery (csrf)

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF...

6.8CVSS8.7AI score0.00691EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/08/22 8:15 p.m.21 views

Cross site scripting

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS...

4.3CVSS6.4AI score0.00932EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/08/22 7:10 p.m.52 views

CVE-2019-15327

The CVE-2019-15327 vulnerability affects the WordPress plugin import-users-from-csv-with-meta (pre-1.14.1.3). The issue is an XSS via data imported into the plugin. Public documents indicate a fix in version 1.14.1.3 (VendorFix). The vulnerability is documented across multiple sources (NVD, Red H...

6.1CVSS6AI score0.00913EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/22 7:9 p.m.56 views

CVE-2019-15328

The CVE-2019-15328 entry concerns the WordPress plugin import-users-from-csv-with-meta, vulnerable prior to version 1.14.0.3. The issue is a cross-site scripting (XSS) flaw in the plugin, allowing an attacker to execute client-side code. Documented impact indicates the vulnerability affects the p...

6.1CVSS6.9AI score0.00932EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/22 7:9 p.m.22 views

CVE-2019-15328

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS...

7AI score0.00932EPSS
Exploits0References2
CNVD
CNVD
added 2019/08/22 12:0 a.m.2 views

WordPress import-users-from-csv-with-meta plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. import-users-from-csv-with-meta is a user data import plugin used in it. A cross-site request forgery vulnerability exists in WordPres...

8.8CVSS6.7AI score0.00691EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/22 12:0 a.m.3 views

WordPress import-users-from-csv-with-meta plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. import-users-from-csv-with-meta is a user data import plugin used in it. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS6.2AI score0.00932EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/12 12:0 a.m.2 views

WordPress Import users from CSV with meta plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Import users from CSV with meta is used in one of the import users plugin. A cross-site request forgery vulnerability exists in the...

5.7CVSS6.7AI score0.00679EPSS
Exploits1References1
NVD
NVD
added 2019/08/08 8:15 p.m.20 views

CVE-2019-14683

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

5.7CVSS5.7AI score0.00679EPSS
Exploits1References4
OSV
OSV
added 2019/08/08 8:15 p.m.2 views

CVE-2019-14683

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

5.7CVSS6.2AI score0.00679EPSS
Exploits1References4
Cvelist
Cvelist
added 2019/08/08 7:54 p.m.20 views

CVE-2019-14683

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

5.7AI score0.00679EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2019/08/08 12:0 a.m.4 views

PT-2019-13779 · WordPress · Import-Users-From-Csv-With-Meta

Name of the Vulnerable Software and Affected Versions: Import users from CSV with meta plugin versions prior to 1.14.2.2 Description: The issue allows for a CSRF attack via the "wp-admin/admin-ajax.php?action=acui delete attachment" API endpoint. This affects the "Import users from CSV with meta"...

5.7CVSS5.5AI score0.00679EPSS
Exploits1References7
OSV
OSV
added 2019/07/26 9:15 p.m.3 views

CVE-2019-10264

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...

7.2CVSS7.1AI score0.01335EPSS
Exploits1References1
Patchstack
Patchstack
added 2019/06/26 12:0 a.m.12 views

WordPress Import users from CSV with meta plugin <= 1.14.1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found in WordPress Import users from CSV with meta plugin versions = 1.14.1.3. Solution Update the WordPress Import users from CSV with meta plugin to the latest available version at least 1.14.2.2...

3.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/22 12:0 a.m.24 views

Import users from CSV with meta <= 1.14.1.3 - CSRF leading to attachment deletion & Path Traversal

CSRF leading to attachment deletion via the acuideleteattachment AJAX function...

5CVSS5.2AI score0.0232EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2019/04/25 12:0 a.m.106 views

osTicket 1.11 Cross Site Scripting / Local File Inclusion

Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Date: 09.04.2019 Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link: https://github.com/osTicket/osTicket References:...

7.4AI score
Exploits0
NVD
NVD
added 2018/12/12 4:29 p.m.21 views

CVE-2018-20101

The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell...

6.1CVSS6.1AI score0.00782EPSS
Exploits0References2
Prion
Prion
added 2018/12/12 4:29 p.m.16 views

Design/Logic Flaw

The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell...

4.3CVSS6AI score0.00782EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder