21 matches found
Magento Server Mass Importer - Cross-Site Scripting
Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...
WordPress CSV Mass Importer plugin <= 1.2 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin CSV Mass Importer versions = 1.2...
CVE-2025-4190
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2025-4190
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2025-4190
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2025-4190
CVE-2025-4190 affects the WordPress plugin CSV Mass Importer (v ≤ 1.2). The issue is improper validation of uploaded files, allowing high-privilege users (e.g., admins) to upload arbitrary files on the server (notably in multisite setups). Several sources confirm an admin+ arbitrary file upload v...
WordPress plugin CSV Mass Importer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21780 · WordPress · Csv Mass Importer
Name of the Vulnerable Software and Affected Versions: CSV Mass Importer WordPress plugin versions 1.2 and earlier Description: The issue concerns the CSV Mass Importer WordPress plugin, which does not properly validate uploaded files. This allows high-privilege users, such as administrators, to...
Exploit for CVE-2025-4190
CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary Fi...
Exploit for CVE-2025-4190
CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary Fi...
WordPress CSV Mass Importer 1.2 Shell Upload
WordPress CSV Mass Importer plugin versions 1.2 and below suffer from a remote shell upload vulnerability...
Magento Mass Importer Credentials Disclosure
Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. The purpose of this software is to help Magento websites administrators to manage their catalog through a dedicated web interface. When permissions are not properly...
VulnCheck KEV: CVE-2015-2067
Directory traversal vulnerability in web/ajaxpluginconf.php in the MAGMI aka Magento Mass Importer plugin for Magento Server allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...
Magento Mass Importer Unauthenticated Access
Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. The purpose of this software is to help Magento websites administrators to manage their catalog through a dedicated web interface. By directly accessing the Magmi URL wi...
Magento Mass Importer < 0.7.24 Remote Authentication Bypass
Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.24 suffer from a remote authentication bypass vulnerability by exhausting the database connections pool and then allowing an...
Magento Mass Importer Cross-Site Request Forgery
Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer suffers from a cross-site request forgery vulnerability, which could be used by an attacker to target a privileged user and perform malicious actio...
Magmi (Magento Mass Importer) < 0.7.23 XSS Vulnerability
Magmi is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Magento Mass Importer < 0.7.23 Cross-Site Scripting
Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.23 suffer from a cross-site scripting vulnerability through the prefix parameter of the /magmi/web/ajaxgettime.php URL, allowin...