Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Smackcoders Security Vulnerabilities

cve
cve

CVE-2015-10125

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...

8.8CVSS

8.6AI Score

0.001EPSS

2023-10-05 11:15 PM
29
cve
cve

CVE-2023-2487

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through...

7.5CVSS

7.4AI Score

0.001EPSS

2023-12-21 02:15 PM
45
cve
cve

CVE-2023-45066

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through...

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-30 03:15 PM
25
cve
cve

CVE-2023-4140

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if...

8.8CVSS

8.6AI Score

0.001EPSS

2023-08-04 03:15 AM
16
cve
cve

CVE-2023-4141

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...

8.8CVSS

8.8AI Score

0.002EPSS

2023-08-04 03:15 AM
15
cve
cve

CVE-2023-4142

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...

8.8CVSS

9AI Score

0.002EPSS

2023-08-04 03:15 AM
28
cve
cve

CVE-2023-4139

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported...

7.5CVSS

7.5AI Score

0.001EPSS

2023-08-04 03:15 AM
16
cve
cve

CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as...

8.8CVSS

8.9AI Score

0.001EPSS

2023-01-02 10:15 PM
33
cve
cve

CVE-2022-1977

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF...

7.2CVSS

6.8AI Score

0.001EPSS

2022-06-27 09:15 AM
46
9
cve
cve

CVE-2022-3243

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as...

7.2CVSS

7.2AI Score

0.001EPSS

2022-10-17 12:15 PM
31
3
cve
cve

CVE-2018-20967

The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has...

8.8CVSS

8.7AI Score

0.001EPSS

2019-08-14 04:15 PM
30
cve
cve

CVE-2015-9306

The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has...

6.1CVSS

6.4AI Score

0.001EPSS

2019-08-12 03:15 PM
20
cve
cve

CVE-2022-3244

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related...

4.2CVSS

4.3AI Score

0.001EPSS

2022-10-17 12:15 PM
36
3
cve
cve

CVE-2022-0360

The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting...

4.8CVSS

4.8AI Score

0.001EPSS

2022-02-28 09:15 AM
73
cve
cve

CVE-2013-3263

Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4)...

6AI Score

0.001EPSS

2022-10-03 04:14 PM
14
cve
cve

CVE-2013-3264

The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign...

7AI Score

0.003EPSS

2022-10-03 04:14 PM
22
cve
cve

CVE-2016-11000

The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name...

9.8CVSS

9.9AI Score

0.002EPSS

2019-09-20 03:15 PM
48
cve
cve

CVE-2016-10985

The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id...

6.1CVSS

6AI Score

0.001EPSS

2019-09-17 03:15 PM
13
cve
cve

CVE-2016-10984

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page...

6.1CVSS

6AI Score

0.001EPSS

2019-09-17 03:15 PM
28
cve
cve

CVE-2018-20968

The wp-ultimate-exporter plugin before 1.4.2 for WordPress has...

8.8CVSS

8.7AI Score

0.001EPSS

2019-08-14 04:15 PM
25