Lucene search

30 matches found

CNNVD
added 2026/05/22 12:0 a.m., 4 views

WordPress plugin Alfie – Feed Plugin cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.8, EPSS 0.00006
Exploits 0, References 6

RedhatCVE
added 2026/01/17 5:22 a.m., 1 views

CVE-2026-1000

The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...

CVSS 6.5, AI score 5.3, EPSS 0.00016
Exploits 0, References 1

ATTACKERKB
added 2026/01/16 4:44 a.m., 1 views

CVE-2026-1000

The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...

CVSS 6.5, AI score 5.5, EPSS 0.00016
Exploits 0, References 6

NVD
added 2025/12/13 4:16 p.m., 1 views

CVE-2025-14447

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3, EPSS 0.00039
Exploits 0, References 4

Positive Technologies
added 2025/12/13 12:0 a.m., 2 views

PT-2025-51074

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfu reset options function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 5.3, AI score 5.1, EPSS 0.00039
Exploits 0, References 3

EUVD
added 2025/11/25 7:28 a.m., 2 views

EUVD-2025-199574

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

CVSS 5.3, AI score 4.7, EPSS 0.00106
Exploits 0, References 4

RedhatCVE
added 2025/05/22 2:44 a.m., 4 views

CVE-2010-5295

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action...

CVSS 4.3, AI score 5.8, EPSS 0.005
Exploits 1, References 1

Positive Technologies
added 2024/10/06 12:0 a.m., 2 views

PT-2024-32568

Name of the Vulnerable Software and Affected Versions: Xylus Themes WP Bulk Delete versions prior to 1.3.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS, which can be exploited...

CVSS 7.1, AI score 6, EPSS 0.0017
Exploits 0, References 8

Patchstack
added 2024/09/30 8:55 a.m., 2 views

WordPress WP Bulk Delete plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin WP Bulk Delete versions <= 1.3.1...

CVSS 7.1, AI score 6.1, EPSS 0.0017
Exploits 0, Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m., 4 views

WordPress WP Bulk Delete Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Bulk Delete; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47352; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: dc28e517fd6c; Credits: Dimas Maulana; Required privilege...

CVSS 7.1, AI score 6.5, EPSS 0.0017
Exploits 0, References 2, Affected Software 1

CNVD
added 2022/07/04 12:0 a.m., 25 views

Jenkins Request Rename Or Delete Plugin cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site request forgery vulnerability...

CVSS 4.3, AI score 2.5, EPSS 0.00083
Exploits 0, References 1

OSV
added 2022/07/01 12:1 a.m., 25 views

GHSA-QQ85-8G89-R5RC Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...

CVSS 4.3, AI score 4.9, EPSS 0.00083
Exploits 0, References 3

Github Security Blog
added 2022/07/01 12:1 a.m., 18 views

Incorrect Authorization in Jenkins Request Rename Or Delete Plugin

Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...

CVSS 4.3, AI score 4.9, EPSS 0.00335
Exploits 0, References 3, Affected Software 1

OSV
added 2022/06/30 6:15 p.m., 0 views

CVE-2022-34815

A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...

CVSS 4.3, AI score 5.7
Exploits 0, References 1

ATTACKERKB
added 2022/06/30 6:15 p.m., 2 views

CVE-2022-34815

A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...

CVSS 4.3, AI score 5.8, EPSS 0.00083
Exploits 0, References 2

Prion
added 2022/06/30 6:15 p.m., 11 views

Cross site request forgery (csrf)

Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...

CVSS 4, AI score 4.4, EPSS 0.00335
Exploits 0, References 1, Affected Software 1

Prion
added 2022/06/30 6:15 p.m., 14 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...

CVSS 4.3, AI score 4.6, EPSS 0.00083
Exploits 0, References 1, Affected Software 1

CVE
added 2022/06/30 5:49 p.m., 255 views

CVE-2022-34815

CVE-2022-34815 describes a CSRF vulnerability in the Jenkins Request Rename Or Delete Plugin (versions 1.1.0 and earlier). The issue allows an attacker with the ability to induce a user to perform an action to accept a pending request, resulting in jobs being renamed or deleted. The available doc...

CVSS 4.3, AI score 4.9, EPSS 0.00083
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2022/06/30 12:0 a.m., 2 views

PT-2022-22366 · Jenkins · Jenkins Request Rename/Delete Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Request Rename Or Delete Plugin versions 1.1.0 and earlier Description: The issue arises from an incorrect permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration...

CVSS 4.3, AI score 4.4, EPSS 0.00335
Exploits 0, References 4

CNNVD
added 2022/06/30 12:0 a.m., 3 views

Jenkins Plugin Request Rename Or Delete cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site request forgery vulnerability...

CVSS 4.3, AI score 5.5, EPSS 0.00083
Exploits 0, References 6