WordPress Plugin Vulnerabilities

WordPress Comments Import & Export <= 2.0.4 - CSV Injection

Description

The WordPress Comments Import & Export WordPress plugin was affected by a CSV Injection security vulnerability.

Affects Plugins

Plugin icon
comments-import-export-woocommerce
Fixed in 2.0.5

References

CVE
CVE-2018-11526
Exploitdb
44940
URL
https://plugins.trac.wordpress.org/changeset/1869919/comments-import-export-woocommerce
URL
https://plugins.trac.wordpress.org/changeset/1869919/comments-import-export-woocommerce

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
cd1c3e0f-4e0d-4b2e-9a6d-e13a228d1009

Timeline

Publicly Published
2018-06-21 (about 7 years ago)
Added
2018-06-21 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Mailing List - Arbitrary file download
Published
2025-10-14
Title
Content Writer < 3.6.9 - Unauthenticated Information Exposure via Log File
Published
2023-11-27
Title
Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass
Published
2015-07-08
Title
Child Theme Creator by Orbisius < 1.2.8 - Arbitrary File Write
Published
2014-04-28
Title
TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Missing edit_others_posts Capability Check