Vulnerabilities > Smackcoders > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-18 | CVE-2024-9364 | Missing Authorization vulnerability in Smackcoders Sendgrid The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. | 4.3 |
| 2022-10-17 | CVE-2022-3244 | Missing Authorization vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce | 4.2 |
| 2022-02-28 | CVE-2022-0360 | Cross-site Scripting vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues | 4.8 |
| 2019-09-17 | CVE-2016-10985 | Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0 The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | 4.3 |
| 2019-09-17 | CVE-2016-10984 | Cross-site Scripting vulnerability in Smackcoders Echo Sign 1.0.0/1.1.0 The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | 4.3 |
| 2019-08-14 | CVE-2018-20968 | Cross-Site Request Forgery (CSRF) vulnerability in Smackcoders Ultimate Exporter The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | 6.8 |
| 2019-08-12 | CVE-2015-9306 | Cross-site Scripting vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | 6.1 |
| 2013-11-05 | CVE-2013-3264 | Permissions, Privileges, and Access Controls vulnerability in Smackcoders WP Ultimate Email Marketer Plugin The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. | 6.4 |
| 2013-11-05 | CVE-2013-3263 | Cross-Site Scripting vulnerability in Smackcoders WP Ultimate Email Marketer Plugin Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php. | 4.3 |