EUVD-2018-7445

Malware in sbrugna...

CVE-2020-9466

CVE-2020-9466 affects the WordPress plugin Export Users to CSV (≤1.4.2). An attacker who can register as a subscriber can inject CSV payloads into user-details fields; when an authenticated admin exports user data to CSV and opens it, the payload can execute (e.g., redirections to malicious sites...

Export Users to CSV <= 1.4.2 - CSV Injection

An attacker can register themselves as a subscriber in a WordPress website and provide malicious payloads formula into the user account details field. When an authenticated admin uses the Export Users to CSV plugin to export the details of all the users into a CSV file and open it, the payload ge...

WordPress Users to CSV plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. A cross-site request forgery vulnerability exists in the WordPress Users...

Users to CSV <= 1.4.5 - Cross-Site Request Forgery (CSRF)

The users-to-csv WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability. http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=users http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=comments...

WordPress Users To CSV 1.4.5 Cross Site Request Forgery

Title: Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5 Submitter: Nitin Venkatesh Product: Users to CSV Wordpress Plugin Product URL: https://wordpress.org/plugins/users-to-csv/ disabled Plugin SVN URL: https://plugins.svn.wordpress.org/users-to-csv/ active...