Lucene search
K

21 matches found

Nuclei
Nuclei
added yesterday69 views

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

4.3CVSS6AI score0.1404EPSS
Exploits1References4
Patchstack
Patchstack
added 2025/05/30 9:47 p.m.17 views

WordPress CSV Mass Importer plugin <= 1.2 - Admin+ Arbitrary File Upload vulnerability

Admin+ Arbitrary File Upload vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin CSV Mass Importer versions = 1.2...

7.2CVSS8.3AI score0.00489EPSS
Exploits3References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/19 6:9 a.m.13 views

CVE-2025-4190

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

7.2CVSS6.8AI score0.00489EPSS
Exploits3References1
NVD
NVD
added 2025/05/17 6:15 a.m.43 views

CVE-2025-4190

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

7.2CVSS0.00489EPSS
Exploits3References1
OSV
OSV
added 2025/05/17 6:15 a.m.7 views

CVE-2025-4190

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

7.2CVSS5.9AI score0.00489EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/05/17 6:0 a.m.12 views

CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

6.9AI score0.00489EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/05/17 6:0 a.m.43 views

CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

0.00489EPSS
Exploits3References1
CVE
CVE
added 2025/05/17 6:0 a.m.57 views

CVE-2025-4190

CVE-2025-4190 affects the WordPress plugin CSV Mass Importer (v ≤ 1.2). The issue is improper validation of uploaded files, allowing high-privilege users (e.g., admins) to upload arbitrary files on the server (notably in multisite setups). Several sources confirm an admin+ arbitrary file upload v...

7.2CVSS7AI score0.00489EPSS
Exploits3References1Affected Software1
CNNVD
CNNVD
added 2025/05/17 12:0 a.m.7 views

WordPress plugin CSV Mass Importer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS7.5AI score0.00489EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2025/05/17 12:0 a.m.10 views

PT-2025-21780 · WordPress · Csv Mass Importer

Name of the Vulnerable Software and Affected Versions: CSV Mass Importer WordPress plugin versions 1.2 and earlier Description: The issue concerns the CSV Mass Importer WordPress plugin, which does not properly validate uploaded files. This allows high-privilege users, such as administrators, to...

7.2CVSS7.5AI score0.00489EPSS
Exploits3References6
GithubExploit
GithubExploit
added 2025/05/15 3:51 p.m.303 views

Exploit for CVE-2025-4190

CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary Fi...

7.2CVSS8AI score0.00489EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/05/07 10:56 a.m.491 views

Exploit for CVE-2025-4190

CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary Fi...

7.2CVSS8AI score0.00489EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/05/07 12:0 a.m.14 views

WordPress CSV Mass Importer 1.2 Shell Upload

WordPress CSV Mass Importer plugin versions 1.2 and below suffer from a remote shell upload vulnerability...

7.2CVSS7.6AI score0.00489EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2022/06/01 12:0 a.m.10 views

Magento Mass Importer Credentials Disclosure

Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. The purpose of this software is to help Magento websites administrators to manage their catalog through a dedicated web interface. When permissions are not properly...

7.4AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/11/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-2067

Directory traversal vulnerability in web/ajaxpluginconf.php in the MAGMI aka Magento Mass Importer plugin for Magento Server allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

5CVSS7.4AI score0.39424EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/08/28 12:0 a.m.10 views

Magento Mass Importer Unauthenticated Access

Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. The purpose of this software is to help Magento websites administrators to manage their catalog through a dedicated web interface. By directly accessing the Magmi URL wi...

8.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/08/27 12:0 a.m.21 views

Magento Mass Importer < 0.7.24 Remote Authentication Bypass

Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.24 suffer from a remote authentication bypass vulnerability by exhausting the database connections pool and then allowing an...

9.8CVSS8.4AI score0.23897EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/08/27 12:0 a.m.38 views

Magento Mass Importer Cross-Site Request Forgery

Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer suffers from a cross-site request forgery vulnerability, which could be used by an attacker to target a privileged user and perform malicious actio...

8.8CVSS8AI score0.14725EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/07/02 12:0 a.m.24 views

Magmi (Magento Mass Importer) < 0.7.23 XSS Vulnerability

Magmi is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.1CVSS6AI score0.08173EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/06/11 12:0 a.m.21 views

Magento Mass Importer < 0.7.23 Cross-Site Scripting

Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.23 suffer from a cross-site scripting vulnerability through the prefix parameter of the /magmi/web/ajaxgettime.php URL, allowin...

6.1CVSS6.3AI score0.08173EPSS
Exploits0References3
Rows per page
Query Builder