CVE-2022-46803: WordPress Simple Newsletter Plugin – Noptin plugin <= 1.9.5 - Unauth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5.

CVE-2022-46804: WordPress Export Users Data Distinct plugin <= 1.3 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3.

CVE-2022-46821: WordPress Emails & Newsletters with Jackmail plugin <= 1.2.22 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail. This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22.

CVE-2022-46802: WordPress Product Reviews Import Export for WooCommerce plugin <= 1.4.8 - Unauth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.

CVE-2023-47360: VLC 3.0.13 - MMS Stream bugs

Videolan VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length.

CVE-2022-45357: WordPress 1003 Mortgage Application plugin <= 1.75 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application. This issue affects 1003 Mortgage Application: from n/a through 1.75.

CVE-2023-36527: WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft. This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.

CVE-2022-47442: WordPress UsersWP plugin <= 1.2.3.9 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a through 1.2.3.9.

CVE-2022-45350: WordPress Simple History plugin <= 3.3.1 - CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool. This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.

CVE-2023-5669: Featured Image Caption <= 0.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.