75 matches found
CVE-2026-1191
The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...
CVE-2017-18576
The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation...
WordPress WP Status Notifier plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Status Notifier versions = 1.0...
EUVD-2017-9692
Malware in sbrugna...
EUVD-2022-1309
Malicious code in bioql PyPI...
EUVD-2023-0486
Malicious code in bioql PyPI...
EUVD-2022-1572
Malicious code in bioql PyPI...
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As ...
CVE-2025-53662
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-28914 · Jenkins · Jenkins Ifttt Build Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins IFTTT Build Notifier Plugin versions 1.2 and earlier Description: The Jenkins IFTTT Build Notifier Plugin stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller. These keys can be viewed by users...
CVE-2024-28154
Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...
CVE-2023-24451
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-41248
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2022-34805
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-28138
A cross-site request forgery CSRF vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential...
CVE-2024-8730
CVE-2024-8730 concerns the Exit Notifier plugin for WordPress. A Reflected Cross-Site Scripting vulnerability exists in all versions up to and including 1.9.1 due to improper escaping of URLs when using add_query_arg, enabling unauthenticated attackers to inject script into pages that run when a ...
CVE-2024-28154
Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...
CVE-2024-28154
Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...
CVE-2024-28154
CVE-2024-28154 affects the Jenkins MQ Notifier Plugin (versions 1.4.0 and earlier). The issue is an information disclosure vulnerability where debug logging may record sensitive build parameters in build logs by default. This logging behavior can expose confidential data to users with access to b...
CVE-2024-28154
Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...