106 matches found
WordPress Ninja Forms File Uploads Extension Plugin <= 3.3.16 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms File Uploads Extension Type Plugin Vulnerable versions = 3.3.16 Fixed in 3.3.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1596 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 261b89d2f6fa Credi...
CVE-2023-23645 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2...
CVE-2023-45751 WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)
Improper Control of Generation of Code 'Code Injection' vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3...
CVE-2023-45750
Unauth. Reflected Cross-Site Scripting XSS vulnerability in POSIMYTH Nexter Extension plugin = 2.0.3 versions...
CVE-2023-23737
Unauth. SQL Injection SQLi vulnerability in MainWP MainWP Broken Links Checker Extension plugin = 4.0 versions...
CVE-2023-23651
Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP Google Analytics Extension plugin = 4.0.4 versions...
CVE-2023-23737 WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection
Unauth. SQL Injection SQLi vulnerability in MainWP MainWP Broken Links Checker Extension plugin = 4.0 versions...
Sql injection
Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP MainWP Maintenance Extension plugin = 4.1.1 versions...
CVE-2023-23660
MainWP Maintenance Extension for WordPress is affected up to version 4.1.1 with an authenticated (subscriber) SQL Injection vulnerability. The root cause is a SQLi in the plugin that can be triggered by a subscriber. Fixed in version 4.1.2; upgrade to mitigate. Patchstack also lists high risk (CV...
jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for...
Improper Validation
Jenkins Email Extension Plugin is vulnerable to Improper Validation. The vulnerability exists due to lack of form validations which allows an attacker to gain read access to the email-templates/ file directory...
CVE-2023-32979
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for...
CVE-2023-32980
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker...
GHSA-6GP4-2F92-J2W5 Jenkins Email Extension Plugin missing permission check
Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller fi...
GHSA-2F89-66V2-9P53 Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
Jenkins Email Extension Plugin 2.96 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This allows attackers to make another user stop watching an attacker-specified job. Email Extension Plugin 2.96.1 requires POST reques...
Jenkins Email Extension Plugin missing permission check
Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller fi...
CVE-2023-32979
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...
CVE-2023-32979
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...
CVE-2023-32980
A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...
CVE-2023-32980
A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...