119 matches found
CVE-2024-43107
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue affects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior...
CVE-2024-43107
CVE-2024-43107 concerns the Gallagher Milestone Integration Plugin (MIP). The issue arises from improper certificate validation (CWE-295) in MIP, allowing unauthenticated messages (such as alarm events) to be sent to the plugin. Affected products include Gallagher MIP versions prior to 4.0.32 and...
Gallagher Milestone Integration Plugin Trust Management Vulnerability
Gallagher Milestone Integration Plugin (Gallagher MIP) is an integration plugin from Gallagher, New Zealand. A security vulnerability exists in Gallagher Milestone Integration Plugin versions prior to v4.0.32 and v3.0 and prior, which stems from improper certificate validation and could result in...
WordPress Spreadsheet Integration plugin <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish vulnerability
Cross-Site Request Forgery to Arbitrary Post Publish vulnerability discovered by Krzysztof Zając in WordPress Plugin Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins, versions <= 3.8.2...
CVE-2024-9193
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...
Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. Bitbucket Server Integration Plugin implements this extension point to support OAuth 1.0 authentication. In Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 both inclusi...
CVE-2025-24398
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2025-24398
The CVE-2025-24398 entry corresponds to a CSRF bypass vulnerability in the Jenkins Bitbucket Server Integration Plugin. Affected versions 2.1.0–4.1.3 implement an overly permissive extension point that can disable CSRF protection for arbitrary URLs, enabling attackers to craft links that bypass C...
WordPress MercadoLibre Integration plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability
CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin MercadoLibre Integration versions <= 1.1...
CVE-2024-10877 AFI – The Easiest Integration Plugin <= 1.92.0 - Reflected Cross-Site Scripting
The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers t...
CVE-2024-10184 SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
PT-2024-37742 · WordPress · Spreadsheet Integration Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: The Spreadsheet Integration plugin for WordPress versions up to, and including, 3.7.9. Description: The issue is related to a missing capability check on several functions, allowing authenticated attackers with Subscriber-level access and abov...
WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Dynamics 365 Integration versions <= 1.3.17...
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
CVE-2023-35145
A flaw was found in the Jenkins Sonargraph Integration Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim...
GHSA-WMXX-2PVR-X7J6 Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not correctly escape the file path and the project name for the Log file field form validation. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross-site scripting
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...