CVE-2019-14683 – Import and export users and customers <= 1.14.1.3 - Cross-Site Request Forgery leading to attachment deletion & Path Traversal
https://notcve.org/view.php?id=CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. El complemento de codificación "Import users from CSV with meta" en versiones anteriores a 1.14.2.2 para WordPress permite wp-admin / admin-ajax.php? Action = acui_delete_attachment CSRF. • https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013 https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers https://wpvulndb.com/vulnerabilities/9392 https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-15326 – Import and export users and customers <= 1.14.2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-15326
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.2.1 para WordPress, presenta un salto de directorio. • https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers https://wpvulndb.com/vulnerabilities/9392 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-15327 – Import and export users and customers <= 1.14.1.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15327
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.1.3 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de datos importados. • https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15328 – Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15328
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.0.3 para WordPress, presenta una vulnerabilidad de tipo XSS. • https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450 https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15329 – Import and export users and customers <= 1.14.0.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15329
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.0.3 para WordPress, presenta una vulnerabilidad de tipo CSRF. • https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450 https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •