Filtered by vendor Smackcoders
Subscribe
Search
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2487 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2023-12-29 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | |||||
| CVE-2023-45066 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | |||||
| CVE-2023-4139 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 7.5 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files. | |||||
| CVE-2023-4140 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 8.8 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter. | |||||
| CVE-2023-4141 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 8.8 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution. | |||||
| CVE-2023-4142 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 8.8 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution. | |||||
| CVE-2022-1977 | 1 Smackcoders | 1 Download Import All Xml\, Csv \& Txt Into Wordpress | 2022-07-06 | 6.0 MEDIUM | 7.2 HIGH |
| The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | |||||
| CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | |||||
| CVE-2016-10985 | 1 Smackcoders | 1 Echo Sign | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | |||||
| CVE-2016-10984 | 1 Smackcoders | 1 Echo Sign | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | |||||
| CVE-2018-20968 | 1 Smackcoders | 1 Ultimate Exporter | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | |||||
| CVE-2018-20967 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
| CVE-2015-9306 | 1 Smackcoders | 1 Ultimate Csv Importer | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | |||||
| CVE-2013-3263 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2013-11-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php. | |||||
| CVE-2013-3264 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2013-11-06 | 6.4 MEDIUM | N/A |
| The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. | |||||