Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

aleapp

Source -

CNANVD

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated ProductsRelated AssignersReports
2Vulnerabilities found
CVE-2025-4190
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.54%
||
7 Day CHG~0.00%
Published-17 May, 2025 | 06:00
Updated-12 Jun, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Action-Not Available
Vendor-aleappUnknown
Product-csv_mass_importerCSV Mass Importer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-23821
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.93%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-11 May, 2026 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Cookies Alert plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in aleapp WP Cookies Alert wp-cookies-alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through <= 1.1.1.

Action-Not Available
Vendor-aleapp
Product-WP Cookies Alert
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)