
119 matches found

CNNVD
added 2024/08/01 12:0 a.m., 0 views

WordPress plugin Photo Engine cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS, 6.1 AI score, 0.00129 EPSS
Exploits 0, References 2
Vulnrichment
added 2024/05/13 8:45 a.m., 17 views

CVE-2024-34440 WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63...

9.1 CVSS, 6.9 AI score, 0.00737 EPSS
Exploits 0, References 1
Patchstack
added 2024/04/22 2:10 p.m., 2 views

WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability

Price Manipulation vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin WP Travel Engine versions <= 5.8.0...

7.5 CVSS, 7 AI score, 0.0024 EPSS
Exploits 0, Affected Software 1
Cvelist
added 2024/03/31 7:42 p.m., 19 views

CVE-2024-30557 WordPress Aesop Story Engine plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aesopinteractive Aesop Story Engine allows Stored XSS. This issue affects Aesop Story Engine: from n/a through 2.3.2...

6.5 CVSS, 6.6 AI score, 0.00084 EPSS
Exploits 0, References 1
Prion
added 2024/02/05 10:16 p.m., 14 views

Input validation

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...

5.8 CVSS, 7.9 AI score, 0.07121 EPSS
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2023/11/29 3:30 p.m., 21 views

Jenkins Google Compute Engine Plugin has incorrect permission checks

Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: - Enumerate...

2.7 CVSS, 6.4 AI score, 0.00049 EPSS
Exploits 0, References 4, Affected Software 1
CVE
added 2023/11/29 1:45 p.m., 51 views

CVE-2023-49652

The CVE-2023-49652 entry concerns Jenkins Google Compute Engine Plugin (versions up to 4.550.vb_327fca_3db_11 and earlier). The underlying issue is incorrect permission checks that enable attackers with global Item/Configure permission (but without Item/Configure on any specific job) to enumerate...

2.7 CVSS, 3.4 AI score, 0.00049 EPSS
Exploits 0, References 2, Affected Software 1
AlpineLinux
added 2023/11/29 1:45 p.m., 21 views

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...

2.7 CVSS, 3.6 AI score, 0.00049 EPSS
Exploits 0, References 2
CNNVD
added 2023/11/29 12:0 a.m., 0 views

Jenkins Google Compute Engine Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

2.7 CVSS, 6.8 AI score, 0.00049 EPSS
Exploits 0, References 2
Patchstack
added 2023/07/18 12:0 a.m., 6 views

WordPress ACF Engine Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: ACF Engine; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 503ae0e4b430; Credits: Rafie Muhammad (Patchstack); Required...

6.4 AI score
Exploits 0, References 2, Affected Software 1
OSV
added 2023/07/11 8:15 a.m., 0 views

CVE-2023-24421

Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions...

8.8 CVSS, 7.3 AI score, 0.00066 EPSS
Exploits 0, References 1
SUSE CVE
added 2023/02/15 6:18 a.m., 1 views

SUSE CVE-2005-1156

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."...

7.5 CVSS, 7.6 AI score, 0.06778 EPSS
Exploits 1, References 4
Prion
added 2023/02/10 12:15 a.m., 11 views

Deserialization of untrusted data

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...

6.8 CVSS, 8.5 AI score, 0.00671 EPSS
Exploits 0, References 4, Affected Software 1
Github Security Blog
added 2022/05/24 5:48 p.m., 26 views

Remote code execution vulnerability in Jenkins Templating Engine Plugin

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin. This vulnerability allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. Jenkins Templating Engine Plugin 2....

8.8 CVSS, 8.7 AI score, 0.00387 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2022/05/24 5:48 p.m., 23 views

GHSA-P6QC-37HQ-WQR6 Remote code execution vulnerability in Jenkins Templating Engine Plugin

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin. This vulnerability allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. Jenkins Templating Engine Plugin 2....

8.8 CVSS, 8.8 AI score, 0.00387 EPSS
Exploits 0, References 5
CNVD
added 2022/04/13 12:0 a.m., 31 views

Jenkins Google Compute Engine Plugin has an unspecified vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in the Jenkins Google Compute Engine Plugin, which stems from storing unencrypted private...

4.3 CVSS, 1.9 AI score, 0.00056 EPSS
Exploits 0, References 1
CVE
added 2022/04/12 7:50 p.m., 101 views

CVE-2022-29052

CVE-2022-29052 affects Jenkins Google Compute Engine Plugin 4.3.8 and earlier, which stores private keys unencrypted in cloud agent config.xml on the Jenkins controller, enabling viewing by users with Extended Read permission or filesystem access. This exposes sensitive keys; no exploit details a...

4.3 CVSS, 4.7 AI score, 0.00056 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2022/04/12 12:0 a.m., 1 views

PT-2022-19392 · Jenkins · Jenkins Google Compute Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.3.8 and earlier Description: The issue allows private keys to be stored unencrypted in cloud agent config.xml files on the Jenkins controller. This can be viewed by users with Agent/Extended Rea...

4.3 CVSS, 4.2 AI score, 0.00056 EPSS
Exploits 0, References 9
Positive Technologies
added 2021/08/25 12:0 a.m., 2 views

PT-2021-7843 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.16 through 3.5.17 Description: The issue is related to an unsafe deserialization vulnerability in the Engine.plugin ProfileInformation ProfileData functionality. This vulnerability can be exploited by...

10 CVSS, 8.2 AI score, 0.00083 EPSS
Exploits 1, References 9
RedhatCVE
added 2021/04/23 7:14 p.m., 25 views

CVE-2021-27400

HashiCorp Vault and Vault Enterprise Cassandra integrations storage backend and database secrets engine plugin did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1...

7.5 CVSS, 3.4 AI score, 0.00138 EPSS
Exploits 0, References 4