Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

FKIE_CVE-2019-15327

Vulnerability from fkie_nvd - Published: 2019-08-22 20:15 - Updated: 2024-11-21 04:28

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

References

	URL	Tags
	cve@mitre.org	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes
	af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes

Impacted products

	Vendor	Product	Version
	codection	import_users_from_csv_with_meta	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codection:import_users_from_csv_with_meta:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "15C6533C-A17B-4E7F-9DA9-C28B272D5913",
              "versionEndExcluding": "1.14.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data."
    },
    {
      "lang": "es",
      "value": "El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.1.3 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de datos importados."
    }
  ],
  "id": "CVE-2019-15327",
  "lastModified": "2024-11-21T04:28:27.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-22T20:15:12.207",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-15329

Vulnerability from fkie_nvd - Published: 2019-08-22 20:15 - Updated: 2024-11-21 04:28

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.

References

URL	Tags
cve@mitre.org	https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450	Third Party Advisory
cve@mitre.org	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes

Impacted products

	Vendor	Product	Version
	codection	import_users_from_csv_with_meta	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codection:import_users_from_csv_with_meta:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "284BB96B-2179-45D4-82ED-6906F6331F80",
              "versionEndExcluding": "1.14.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF."
    },
    {
      "lang": "es",
      "value": "El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.0.3 para WordPress, presenta una vulnerabilidad de tipo CSRF."
    }
  ],
  "id": "CVE-2019-15329",
  "lastModified": "2024-11-21T04:28:28.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-22T20:15:12.347",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-15326

Vulnerability from fkie_nvd - Published: 2019-08-22 20:15 - Updated: 2024-11-21 04:28

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

References

URL	Tags
cve@mitre.org	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes
cve@mitre.org	https://wpvulndb.com/vulnerabilities/9392	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://wpvulndb.com/vulnerabilities/9392	Third Party Advisory

Impacted products

	Vendor	Product	Version
	codection	import_users_from_csv_with_meta	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codection:import_users_from_csv_with_meta:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "25FC5493-1C55-4402-A5CC-761BCE05C6D9",
              "versionEndExcluding": "1.14.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal."
    },
    {
      "lang": "es",
      "value": "El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.2.1 para WordPress, presenta un salto de directorio."
    }
  ],
  "id": "CVE-2019-15326",
  "lastModified": "2024-11-21T04:28:27.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-22T20:15:12.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/9392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/9392"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-15328

Vulnerability from fkie_nvd - Published: 2019-08-22 20:15 - Updated: 2024-11-21 04:28

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.

References

URL	Tags
cve@mitre.org	https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450	Third Party Advisory
cve@mitre.org	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes

Impacted products

	Vendor	Product	Version
	codection	import_users_from_csv_with_meta	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codection:import_users_from_csv_with_meta:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "284BB96B-2179-45D4-82ED-6906F6331F80",
              "versionEndExcluding": "1.14.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS."
    },
    {
      "lang": "es",
      "value": "El plugin import-users-from-csv-with-meta versiones anteriores a 1.14.0.3 para WordPress, presenta una vulnerabilidad de tipo XSS."
    }
  ],
  "id": "CVE-2019-15328",
  "lastModified": "2024-11-21T04:28:27.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-22T20:15:12.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-14683

Vulnerability from fkie_nvd - Published: 2019-08-08 20:15 - Updated: 2024-11-21 04:27

Severity ?

5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Summary

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

References

URL	Tags
cve@mitre.org	https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013	Product
cve@mitre.org	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes
cve@mitre.org	https://wpvulndb.com/vulnerabilities/9392	Third Party Advisory
cve@mitre.org	https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013	Product
af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://wpvulndb.com/vulnerabilities/9392	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	codection	import_users_from_csv_with_meta	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codection:import_users_from_csv_with_meta:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "05685317-DA8C-4A30-8270-2F239AB39BAB",
              "versionEndExcluding": "1.14.2.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The codection \"Import users from CSV with meta\" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF."
    },
    {
      "lang": "es",
      "value": "El complemento de codificaci\u00f3n \"Import users from CSV with meta\" en versiones anteriores a 1.14.2.2 para WordPress permite wp-admin / admin-ajax.php? Action = acui_delete_attachment CSRF."
    }
  ],
  "id": "CVE-2019-14683",
  "lastModified": "2024-11-21T04:27:07.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-08T20:15:12.117",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/9392"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/9392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2018-20101

Vulnerability from fkie_nvd - Published: 2018-12-12 16:29 - Updated: 2024-11-21 04:00

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.

References

URL	Tags
cve@mitre.org	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Product, Release Notes
cve@mitre.org	https://wpvulndb.com/vulnerabilities/9176
af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers	Product, Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://wpvulndb.com/vulnerabilities/9176

Impacted products

	Vendor	Product	Version
	codection	import_users_from_csv_with_meta	1.12.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codection:import_users_from_csv_with_meta:1.12.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1817829D-1BDE-485C-B45E-DD105641B2F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell."
    },
    {
      "lang": "es",
      "value": "El plugin \"Import users from CSV with meta\" de codection en versiones anteriores a la 1.12.1 para WordPress permite Cross-Site Scripting (XSS) mediante el valor de una celda."
    }
  ],
  "id": "CVE-2018-20101",
  "lastModified": "2024-11-21T04:00:52.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-12T16:29:01.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://wpvulndb.com/vulnerabilities/9176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wpvulndb.com/vulnerabilities/9176"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-15326 (GCVE-0-2019-15326)

Vulnerability from cvelistv5 – Published: 2019-08-22 19:10 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9392	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9392"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-23T13:06:14.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9392"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9392",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9392"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15326",
    "datePublished": "2019-08-22T19:10:38.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15327 (GCVE-0-2019-15327)

Vulnerability from cvelistv5 – Published: 2019-08-22 19:10 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://wordpress.org/plugins/import-users-from-c…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T19:10:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15327",
    "datePublished": "2019-08-22T19:10:04.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15328 (GCVE-0-2019-15328)

Vulnerability from cvelistv5 – Published: 2019-08-22 19:09 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://plugins.trac.wordpress.org/browser/import…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T19:09:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15328",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15328",
    "datePublished": "2019-08-22T19:09:31.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15329 (GCVE-0-2019-15329)

Vulnerability from cvelistv5 – Published: 2019-08-22 19:08 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://plugins.trac.wordpress.org/browser/import…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.754Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T19:08:42.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15329",
    "datePublished": "2019-08-22T19:08:42.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14683 (GCVE-0-2019-14683)

Vulnerability from cvelistv5 – Published: 2019-08-08 19:54 – Updated: 2024-08-05 00:19

Summary

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9392	x_refsource_MISC
	https://plugins.trac.wordpress.org/browser/import…	x_refsource_MISC
	https://www.pluginvulnerabilities.com/2019/06/21/…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9392"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The codection \"Import users from CSV with meta\" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T12:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9392"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The codection \"Import users from CSV with meta\" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9392",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9392"
            },
            {
              "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
            },
            {
              "name": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/",
              "refsource": "MISC",
              "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14683",
    "datePublished": "2019-08-08T19:54:52.000Z",
    "dateReserved": "2019-08-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:19:41.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-20101 (GCVE-0-2018-20101)

Vulnerability from cvelistv5 – Published: 2018-12-12 16:00 – Updated: 2024-08-05 11:51

Summary

The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9176	x_refsource_MISC

Date Public ?

2018-12-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:51:19.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-12-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-06T10:06:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9176",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20101",
    "datePublished": "2018-12-12T16:00:00.000Z",
    "dateReserved": "2018-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:51:19.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15326 (GCVE-0-2019-15326)

Vulnerability from nvd – Published: 2019-08-22 19:10 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9392	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9392"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-23T13:06:14.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9392"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9392",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9392"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15326",
    "datePublished": "2019-08-22T19:10:38.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15327 (GCVE-0-2019-15327)

Vulnerability from nvd – Published: 2019-08-22 19:10 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

https://wordpress.org/plugins/import-users-from-c…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T19:10:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15327",
    "datePublished": "2019-08-22T19:10:04.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15328 (GCVE-0-2019-15328)

Vulnerability from nvd – Published: 2019-08-22 19:09 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://plugins.trac.wordpress.org/browser/import…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T19:09:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15328",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15328",
    "datePublished": "2019-08-22T19:09:31.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15329 (GCVE-0-2019-15329)

Vulnerability from nvd – Published: 2019-08-22 19:08 – Updated: 2024-08-05 00:42

Summary

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://plugins.trac.wordpress.org/browser/import…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.754Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T19:08:42.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15329",
    "datePublished": "2019-08-22T19:08:42.000Z",
    "dateReserved": "2019-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14683 (GCVE-0-2019-14683)

Vulnerability from nvd – Published: 2019-08-08 19:54 – Updated: 2024-08-05 00:19

Summary

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9392	x_refsource_MISC
	https://plugins.trac.wordpress.org/browser/import…	x_refsource_MISC
	https://www.pluginvulnerabilities.com/2019/06/21/…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9392"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The codection \"Import users from CSV with meta\" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-22T12:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9392"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The codection \"Import users from CSV with meta\" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9392",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9392"
            },
            {
              "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013"
            },
            {
              "name": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/",
              "refsource": "MISC",
              "url": "https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14683",
    "datePublished": "2019-08-08T19:54:52.000Z",
    "dateReserved": "2019-08-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:19:41.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-20101 (GCVE-0-2018-20101)

Vulnerability from nvd – Published: 2018-12-12 16:00 – Updated: 2024-08-05 11:51

Summary

The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://wordpress.org/plugins/import-users-from-c…	x_refsource_MISC
	https://wpvulndb.com/vulnerabilities/9176	x_refsource_MISC

Date Public ?

2018-12-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:51:19.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-12-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-06T10:06:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9176",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20101",
    "datePublished": "2018-12-12T16:00:00.000Z",
    "dateReserved": "2018-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:51:19.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

18 vulnerabilities found for import_users_from_csv_with_meta by codection

FKIE_CVE-2019-15327

FKIE_CVE-2019-15329

FKIE_CVE-2019-15326

FKIE_CVE-2019-15328

FKIE_CVE-2019-14683

FKIE_CVE-2018-20101

CVE-2019-15326 (GCVE-0-2019-15326)

CVE-2019-15327 (GCVE-0-2019-15327)

CVE-2019-15328 (GCVE-0-2019-15328)

CVE-2019-15329 (GCVE-0-2019-15329)

CVE-2019-14683 (GCVE-0-2019-14683)

CVE-2018-20101 (GCVE-0-2018-20101)

CVE-2019-15326 (GCVE-0-2019-15326)

CVE-2019-15327 (GCVE-0-2019-15327)

CVE-2019-15328 (GCVE-0-2019-15328)

CVE-2019-15329 (GCVE-0-2019-15329)

CVE-2019-14683 (GCVE-0-2019-14683)

CVE-2018-20101 (GCVE-0-2018-20101)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.