Lucene search
K

140 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/17 5:55 a.m.1 views

WordPress Plugin "Related YouTube Videos" vulnerable to cross-site request forgery

Overview WordPress Plugin "Related YouTube Videos" provided by Chris Doerr contains a cross-site request forgery vulnerability CWE-352. Shoichiro Ishikawa of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability...

8.8CVSS6.5AI score0.01017EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/13 4:57 a.m.4 views

A map plugin for Mincraft server "Dynmap" fails to restrict access permissions

Overview A map plugin for Mincraft server "Dynmap" fails to restrict access permissions CWE-284. RyotaK directly reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer f...

5.3CVSS6.8AI score0.01595EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/13 12:0 a.m.253 views

JVN#89046645: A map plugin for Minecraft server "Dynmap" fails to restrict access permissions

A map plugin for Minecraft server "Dynmap" fails to restrict access permissions CWE-284. Impact Under the circumstance where a user is required to login Dynmap, a remote attacker may bypass the login authentication and be able to see a map image that requires authentication. Solution Update the...

5.3CVSS5.3AI score0.01595EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/12 5:21 a.m.2 views

WordPress Plugin "Contest Gallery" vulnerable to cross-site request forgery

Overview WordPress Plugin "Contest Gallery" provided by Contest-Gallery contains a cross-site request forgery vulnerability CWE-352. Okazawa Yoshihiro of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability to...

8.8CVSS6.5AI score0.01036EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.7 views

PT-2019-11736 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.6 and earlier CloudBees CD Plugin affected versions not specified Description: A reflected cross-site scripting issue allows attackers to inject arbitrary HTML and JavaScript into job configuration form...

6.1CVSS5.9AI score0.01375EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/10 12:0 a.m.176 views

JVN#96988995: Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"

WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5972 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS7.9AI score0.01596EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/31 12:0 a.m.203 views

JVN#88962935: Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"

WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5962 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

8.8CVSS7.4AI score0.01587EPSS
Exploits0
Patchstack
Patchstack
added 2018/12/07 12:0 a.m.18 views

WordPress Contact Form by WPForms plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by RIPS Technologies in WordPress Contact Form by WPForms plugin versions = 1.4.7. Solution Update the WordPress Contact Form by WPForms plugin to the latest available versions at least 1.4.8...

2.2AI score
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/02 5:56 a.m.2 views

WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Yuta Kitaoka of TokyoDenkiUniversity Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS5.9AI score0.01204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/07/17 3:27 a.m.3 views

WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting

Overview The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.01044EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/28 5:11 a.m.3 views

WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

Overview The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

6.1CVSS5.9AI score0.01224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 5:15 a.m.3 views

WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01066EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 5:0 a.m.2 views

WordPress plugin "Events Manager" vulnerable to cross-site scripting

Overview The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC...

5.4CVSS5.8AI score0.01517EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.57 views

JVN#85531148: WordPress plugin "Events Manager" vulnerable to cross-site scripting

The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.2AI score0.01517EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/08 5:10 a.m.3 views

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Note that this vulnerability is different from JVN60032768. Mardan Muhidin of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

6.1CVSS6.1AI score0.01537EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/02 4:39 a.m.3 views

WordPress plugin "MTS Simple Booking C" vulnerable to cross-site scripting

Overview The WordPress plugin "MTS Simple Booking C" provided by MT Systems Co., Ltd. contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to...

6.1CVSS5.8AI score0.00776EPSS
Exploits0References5
Patchstack
Patchstack
added 2018/01/30 12:0 a.m.18 views

WordPress Splashing Images plugin <=2.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Nicolas Buzy-Debat in WordPress Splashing Images plugin versions =2.1. Possible remote injection of arbitrary web script or HTML via the search parameter to wp-admin/upload.php. Solution Update the WordPress Splashing Images plugin to the latest...

4.8CVSS1.6AI score0.01048EPSS
Exploits2References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/13 4:49 a.m.2 views

WordPress plugin "WP Statistics" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Note that this vulnerability is different from JVN77253951. Gen Sato of Mitsui Bussan Secure...

6.1CVSS5.8AI score0.02603EPSS
Exploits0References6
CNVD
CNVD
added 2017/01/20 12:0 a.m.4 views

WordPress 'wp_ajax_update_plugin' function directory traversal vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the 'wpajaxupdateplugin' function in the wp-admin/includes/ajax-actions.ph...

4.3CVSS6.7AI score0.01641EPSS
Exploits0References1
CVE
CVE
added 2017/01/18 9:0 p.m.93 views

CVE-2016-10148

The CVE-2016-10148 entry concerns WordPress before 4.6. The vulnerable component is wp_ajax_update_plugin in wp-admin/includes/ajax-actions.php. The root cause is that a get_plugin_data call is performed before checking the update_plugins capability, allowing remote authenticated users to bypass ...

4.3CVSS5.1AI score0.01641EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder