CVE-2017-20183
CVE-2017-20183 affects WordPress via the External Media without Import Plugin up to 1.0.0. A vulnerability in the function print_media_new_panel (external-media-without-import.php) allows cross-site scripting through manipulation of the parameters url, error, width, height, and mime-type. The att...
PT-2023-10634 · WordPress · External Media Without Import Plugin
Name of the Vulnerable Software and Affected Versions: External Media without Import Plugin version 1.0.0 Description: A vulnerability was found in the External Media without Import Plugin on WordPress, affecting the print media new panel function of the file external-media-without-import.php. Th...
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugi...
CVE-2023-0254 Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges...
Phosphorus Five SQL Injection Vulnerability
Phosphorus Five is an open source, .NET-based RAD web application development framework from Aista, used to create rich and secure Ajax web applications. A SQL injection vulnerability exists in Phosphorus Five before version 8.3; the vulnerability stems from the component CSV Import...
CVE-2022-4663
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...
WordPress Members Import Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Members Import; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4663; Patch priority: Low; CVSS severity: Low (4.4); PSID: d4d45be3e61f; Credits: Saeed Alzahrani; Required...
CVE-2022-3677
The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged-in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks...
CVE-2022-1540
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...
CVE-2022-3418
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...
Design/Logic Flaw
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in Job Import Plugin 3.6 requires Job Import/Import...
CVE-2022-43413
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Jenkins Plugin Job Import Security Vulnerability
Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-26898 · Jenkins · Jenkins Job Import Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job Import Plugin versions 3.5 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins due to a lack of permission check in an HTTP endpoint. In...
CVE-2022-43413
CVE-2022-43413 affects the Jenkins Job Import Plugin up to version 3.5. The issue is a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. The connected documents corroborate this description and identif...
CVE-2022-3243
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high privilege users such as admin...
CVE-2022-36386
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin = 3.6.7 at WordPress...
Ubuntu: Security Advisory (USN-193-1)
The remote host is missing an update for the...