Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/11/07 5:33 p.m.4 views

CVE-2025-58986

Missing Authorization vulnerability in ganddser Jock On Air Now JOAN joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now JOAN: from n/a through = 6.0.4...

6.5CVSS7AI score0.00249EPSS
Exploits0References1
cve
cve
added 2025/11/06 3:54 p.m.5 views

CVE-2025-58986

CVE-2025-58986 concerns WordPress plugin JOAN (Jock On Air Now) with vulnerable versions up to 6.0.4, describing a Missing Authorization issue due to incorrectly configured access control. Red Hat and NVD entries confirm this vulnerability affects JOAN versions

6.5CVSS6.6AI score0.00249EPSS
Exploits0References1
euvd
euvd
added 2025/11/06 3:54 p.m.4 views

EUVD-2025-38136

Missing Authorization vulnerability in ganddser Jock On Air Now JOAN joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now JOAN: from n/a through = 6.0.4...

6.5AI score0.00249EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/11/06 12:0 a.m.3 views

WordPress plugin Jock On Air Now (JOAN) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.5AI score0.00249EPSS
Exploits0References1
patchstack
patchstack
added 2025/10/02 9:56 a.m.5 views

WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Jock On Air Now JOAN versions = 6.0.4...

6.5CVSS7AI score0.00249EPSS
Exploits0Affected Software1
wpexploit
wpexploit
added 2021/08/18 12:0 a.m.574 views

Jock on air now < 5.6.2 - Reflected Cross-Site Scripting

The plugin does not escape the $SERVER'PHPSELF' before outputting it back in an attribute in its settings, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php/"alert/XSS//?page=joansettings...

0.4AI score
Exploits0
wpvulndb
wpvulndb
added 2021/08/18 12:0 a.m.17 views

Jock on air now < 5.6.3 - Authenticated Stored Cross-Site Scripting

The plugin does not properly sanitise and escape some Show parameters before outputting them in pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Vulnerable parameters: linkURL some validation is done an...

5.6AI score
Exploits0Affected Software1
Rows per page
Query Builder