88 matches found
CVE-2019-15328
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS...
CVE-2019-15327
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data...
Cross site request forgery (csrf)
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF...
Cross site scripting
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS...
CVE-2019-15327
The CVE-2019-15327 vulnerability affects the WordPress plugin import-users-from-csv-with-meta (pre-1.14.1.3). The issue is an XSS via data imported into the plugin. Public documents indicate a fix in version 1.14.1.3 (VendorFix). The vulnerability is documented across multiple sources (NVD, Red H...
CVE-2019-15328
The CVE-2019-15328 entry concerns the WordPress plugin import-users-from-csv-with-meta, vulnerable prior to version 1.14.0.3. The issue is a cross-site scripting (XSS) flaw in the plugin, allowing an attacker to execute client-side code. Documented impact indicates the vulnerability affects the p...
CVE-2019-15328
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS...
WordPress import-users-from-csv-with-meta plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. import-users-from-csv-with-meta is a user data import plugin used in it. A cross-site request forgery vulnerability exists in WordPres...
WordPress import-users-from-csv-with-meta plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. import-users-from-csv-with-meta is a user data import plugin used in it. A cross-site scripting vulnerability exists in WordPress...
WordPress Import users from CSV with meta plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Import users from CSV with meta is used in one of the import users plugin. A cross-site request forgery vulnerability exists in the...
CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...
CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...
CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...
PT-2019-13779 · WordPress · Import-Users-From-Csv-With-Meta
Name of the Vulnerable Software and Affected Versions: Import users from CSV with meta plugin versions prior to 1.14.2.2 Description: The issue allows for a CSRF attack via the "wp-admin/admin-ajax.php?action=acui delete attachment" API endpoint. This affects the "Import users from CSV with meta"...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
WordPress Import users from CSV with meta plugin <= 1.14.1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found in WordPress Import users from CSV with meta plugin versions = 1.14.1.3. Solution Update the WordPress Import users from CSV with meta plugin to the latest available version at least 1.14.2.2...
Import users from CSV with meta <= 1.14.1.3 - CSRF leading to attachment deletion & Path Traversal
CSRF leading to attachment deletion via the acuideleteattachment AJAX function...
osTicket 1.11 Cross Site Scripting / Local File Inclusion
Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Date: 09.04.2019 Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link: https://github.com/osTicket/osTicket References:...
CVE-2018-20101
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell...
Design/Logic Flaw
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell...