Vulnerabilities > Smackcoders

DATE CVE VULNERABILITY TITLE RISK
2022-10-17 CVE-2022-3244 Unspecified vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce
network
high complexity
smackcoders
4.2
2022-06-27 CVE-2022-1977 Server-Side Request Forgery (SSRF) vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks
network
low complexity
smackcoders CWE-918
7.2
2022-02-28 CVE-2022-0360 Unspecified vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
network
low complexity
smackcoders
4.8
2019-09-20 CVE-2016-11000 SQL Injection vulnerability in Smackcoders Ultimate Exporter 1.0/1.1
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.
network
low complexity
smackcoders CWE-89
critical
9.8
2019-09-17 CVE-2016-10985 Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0
The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
network
low complexity
smackcoders CWE-79
6.1
2019-09-17 CVE-2016-10984 Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0
The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.
network
low complexity
smackcoders CWE-79
6.1
2019-08-14 CVE-2018-20968 Cross-Site Request Forgery (CSRF) vulnerability in Smackcoders Ultimate Exporter
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
network
low complexity
smackcoders CWE-352
8.8
2019-08-14 CVE-2018-20967 Cross-Site Request Forgery (CSRF) vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
network
low complexity
smackcoders CWE-352
8.8
2019-08-12 CVE-2015-9306 Cross-site Scripting vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
network
low complexity
smackcoders CWE-79
6.1