CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-11000 – Export WordPress Data with Advanced Filters < 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11000
25 Feb 2016 — The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. El plugin wp-ultimate-exporter versiones hasta 1.1 para WordPress, presenta una inyección SQL por medio del parámetro export_type_name. • https://seclists.org/bugtraq/2016/Feb/183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9306 – Easy Drag And drop All Import : WP Ultimate CSV Importer < 3.8.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9306
18 Aug 2015 — The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. El plugin wp-ultimate-csv-importer anterior a la versión 3.8.1 para WordPress tiene XSS. • https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10125 – WP Ultimate CSV Importer Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2015-10125
05 May 2015 — A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. • https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2013-3263 – WP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3263
24 Sep 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid paramet... • http://secunia.com/advisories/53170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-3264 – WP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-3264
24 Sep 2013 — The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. El plugin WP Ultimate Email Marketer 1.1.0 y posiblemente versiones anteriores para Wordpress no restringe adecuadamente el acceso a (1) list/edit.php y (2) campaign/editCampaign.php, lo que permite a atacantes remotos modificar datos de lista o campaña. The WP Ultimate Email Mar... • http://secunia.com/advisories/53170 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •