52 matches found
WordPress plugin Quick Code security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in version 1.0...
CVE-2023-48745 WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through 2.9...
WordPress Plugin Invitation Code Content Restriction Plugin from CreativeMinds security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
CVE-2024-24566
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and an extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESSCODE option), it is possible to access plugins without proper authorization (without a password). This vulnerabili...
CVE-2022-37411
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress...
CVE-2022-37411
CVE-2022-37411 covers a Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza’s WordPress Captcha Code plugin, affecting versions ≤ 2.7. The root cause is a missing/incorrect CSRF check when saving plugin settings, which could allow an attacker to trigger unintended admin actions via a...
PT-2022-23981 · Vinoj Cardoza · Captcha Code Plugin
Name of the Vulnerable Software and Affected Versions: Vinoj Cardoza's Captcha Code plugin versions <= 2.7. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on the web...
Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...
GHSA-5R6P-P9R6-R326 Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin prior to version 1.25 did not treat the proxy password as a secret to be masked when logging or encrypted for export...
CVE-2022-23106
CVE-2022-23106 affects Jenkins Configuration as Code Plugin (versions up to 1.55). The issue is a non-constant time comparison when validating an authentication token, enabling attackers to use statistical methods to deduce a valid token. The available connected documents corroborate the vulnerab...
CVE-2022-23106
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...
CVE-2019-10367
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
Authorization
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
CVE-2019-10367
The CVE-2019-10367 entry concerns Jenkins Configuration as Code Plugin, where versions 1.26 and earlier failed to properly mask certain values when logging the configuration being applied. This stems from an incomplete fix of CVE-2019-10343, not fully masking secrets in...
CloudBees Jenkins Configuration as Code plugin log information leakage vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CVE-2019-10344
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
CVE-2019-10362
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...