Page 3 of 23 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-12074 – Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import

https://notcve.org/view.php?id=CVE-2020-12074

11 Mar 2020 — The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. El plugin users-customers-import-export-for-wp-woocommerce en versiones anteriores a la 1.3.9 para Wordpress permite a los suscriptores importar cuentas administrativas a través de CSV. The Product Import Export for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.7.4 due to missing capability checks on t... • https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 3

CVE-2019-15092 – Import Export WordPress Users and WooCommerce Customers <= 1.3.1 - CSV Injection

https://notcve.org/view.php?id=CVE-2019-15092

22 Aug 2018 — The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. El plugin webtoffee "Usuarios de WordPress y clientes de WooCommerce Import Export Export" 1.3.0 para WordPress permite la inyección de CSV en las columnas user_url, display_name, first_name y last_name en un archivo CSV exportado creado por la clase WF... • https://www.exploit-db.com/exploits/47303 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-11526 – WordPress Comments Import & Export <= 2.0.4 - CSV Injection

https://notcve.org/view.php?id=CVE-2018-11526

19 Jun 2018 — The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. El plugin "WordPress Comments Import Export" para WordPress (versiones 2.0.4 y anteriores) es vulnerable a una inyección de CSV. The WordPress Comments Import & Export plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.0.4 via the form fields. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code exec... • https://www.exploit-db.com/exploits/44940 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •