Filtered by vendor Smackcoders
Subscribe
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3860 | 1 Smackcoders | 1 Visual Email Designer For Woocommerce | 2023-01-09 | N/A | 8.8 HIGH |
| The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. | |||||
| CVE-2022-3244 | 1 Smackcoders | 1 An Ultimate Wordpress Importer Cum Migration As Csv \& Xml | 2022-10-20 | N/A | 4.2 MEDIUM |
| The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce | |||||
| CVE-2022-3243 | 1 Smackcoders | 1 An Ultimate Wordpress Importer Cum Migration As Csv \& Xml | 2022-10-20 | N/A | 7.2 HIGH |
| The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2022-1977 | 1 Smackcoders | 1 Download Import All Xml\, Csv \& Txt Into Wordpress | 2022-07-06 | 6.0 MEDIUM | 7.2 HIGH |
| The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | |||||
| CVE-2022-0360 | 1 Smackcoders | 1 Easy Drag And Drop All Import | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM |
| The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues | |||||
| CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2019-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | |||||
| CVE-2016-10985 | 1 Smackcoders | 1 Echo Sign | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | |||||
| CVE-2016-10984 | 1 Smackcoders | 1 Echo Sign | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | |||||
| CVE-2018-20968 | 1 Smackcoders | 1 Ultimate Exporter | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | |||||
| CVE-2018-20967 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
| CVE-2015-9306 | 1 Smackcoders | 1 Ultimate Csv Importer | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | |||||
| CVE-2013-3263 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2013-11-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php. | |||||
| CVE-2013-3264 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2013-11-06 | 6.4 MEDIUM | N/A |
| The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. | |||||