12 matches found
CVE-2026-25124
CVE-2026-25124: OpenEMR prior to version 8.0.0 contains an access control flaw in the message_list.php report export functionality. There is no permission check before executing sensitive database queries; only CSRF token verification exists, which does not prevent unauthorized data access if a ...
CVE-2025-15442
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. Manipulation of the argument cateid causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2020-36730
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmpgetpostdetail, niteoexportcsv, and cmpdisablecomingsoonajax functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export...
CVE-2024-11396
CVE-2024-11396: The WordPress plugin Event Monster – Event Management, Tickets Booking, Upcoming Event (versions up to 1.4.3) allows information exposure via the Visitors List Export. During export, a CSV is created in wp-content with a public filename, letting unauthenticated attackers access v...
CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...
WordPress Export customers list csv for WooCommerce Plugin <= 2.0.7 is vulnerable to Broken Access Control
Software: Export customers list csv for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.0.7; Fixed in: 2.0.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); PSID: e6d6b8682f99; Credits: WordFence...
Authorization
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmpgetpostdetail, niteoexportcsv, and cmpdisablecomingsoonajax functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export...
CVE-2022-40773
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view...
ZOHO ManageEngine ServiceDesk Plus Input Validation Error Vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is a suite of ITIL-based IT service management software from the US company ZOHO. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management modules...
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls
Some of the AJAX calls from the plugin do not properly check for capabilities and CSRF tokens, leading to issues such as arbitrary post read, subscribers list export and plugin deactivation...
WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Unauthenticated Subscribers List Export vulnerability
Unauthenticated Subscribers List Export vulnerability discovered by NinTechNet in WordPress CMP – Coming Soon & Maintenance plugin versions <= 3.8.1. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 3.8.2)...