Show filters
20 Total Results
Displaying 11-20 of 20
Sort by:
Attacker Value
Unknown

CVE-2022-1255

Disclosure Date: May 02, 2022 (last updated February 23, 2025)
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-22277

Disclosure Date: November 04, 2020 (last updated February 22, 2025)
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-15329

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
0
0
Attacker Value
Unknown

CVE-2019-15328

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
0
0
Attacker Value
Unknown

CVE-2019-15326

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
0
0
Attacker Value
Unknown

CVE-2019-15327

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
0
0
Attacker Value
Unknown

CVE-2015-9336

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
0
0
Attacker Value
Unknown

CVE-2019-14683

Disclosure Date: August 08, 2019 (last updated November 27, 2024)
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-20101

Disclosure Date: December 12, 2018 (last updated November 27, 2024)
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.
0
0
Attacker Value
Unknown

CVE-2017-8875

Disclosure Date: May 10, 2017 (last updated November 26, 2024)
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.
0
0
View More Topics  < Previous