7 matches found
CVE-2025-58986
Missing Authorization vulnerability in ganddser Jock On Air Now JOAN joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now JOAN: from n/a through = 6.0.4...
CVE-2025-58986
CVE-2025-58986 concerns WordPress plugin JOAN (Jock On Air Now) with vulnerable versions up to 6.0.4, describing a Missing Authorization issue due to incorrectly configured access control. Red Hat and NVD entries confirm this vulnerability affects JOAN versions
EUVD-2025-38136
Missing Authorization vulnerability in ganddser Jock On Air Now JOAN joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now JOAN: from n/a through = 6.0.4...
WordPress plugin Jock On Air Now (JOAN) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Jock On Air Now JOAN versions = 6.0.4...
Jock on air now < 5.6.2 - Reflected Cross-Site Scripting
The plugin does not escape the $SERVER'PHPSELF' before outputting it back in an attribute in its settings, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/"alert/XSS//?page=joansettings...
Jock on air now < 5.6.3 - Authenticated Stored Cross-Site Scripting
The plugin does not properly sanitise and escape some Show parameters before outputting them in pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Vulnerable parameters: linkURL some validation is done an...