Filtered by vendor Smackcoders
Subscribe
Filtered by product Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv
Subscribe
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-10125 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2024-04-11 | 5.0 MEDIUM | 8.8 HIGH |
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. | |||||
CVE-2022-3243 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2023-12-10 | N/A | 7.2 HIGH |
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin | |||||
CVE-2022-3244 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2023-12-10 | N/A | 4.2 MEDIUM |
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce | |||||
CVE-2022-1977 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2023-12-10 | 6.0 MEDIUM | 7.2 HIGH |
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | |||||
CVE-2022-0360 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues | |||||
CVE-2018-20967 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
CVE-2015-9306 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. |