673 matches found
EUVD-2022-1559
Malicious code in bioql PyPI...
CVE-2025-7045 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the deleteconfig action of the cssohandleactions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
WordPress BitFire plugin <= 4.5 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions = 4.5...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the process that applies field masking rules to fields of types ip, geopoint, geoshape, xypoint, and xyshape. An attacker can access sensitive information by issuing search queries that reconstruct the original...
PT-2025-30640 · WordPress · The Security Ninja – Wordpress Security Plugin & Firewall
Name of the Vulnerable Software and Affected Versions: The Security Ninja – WordPress Security Plugin & Firewall versions prior to 5.243 Description: The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This allows...
CVE-2025-8015 Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2025-53653
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Malicious code in wonderland-api-security-plugin (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5483 Malicious code in wonderland-api-security-plugin (npm)
The package communicates with a domain associated with malicious activity...
CVE-2024-31447
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only...
CVE-2024-43794
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2023-23680
Cross-Site Request Forgery CSRF vulnerability in Bob Goetz WP-TopBar plugin = 5.36 versions...
CVE-2023-24390
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WeSecur Security plugin = 1.2.1 versions...
CVE-2023-23941
SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...
CVE-2022-24873
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plug...
CVE-2022-1557
The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site...
CVE-2021-37709
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2020-36176
The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...
CVE-2018-1999041
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration...