Lucene search
+L

106 matches found

Patchstack
Patchstack
added 2024/09/09 12:0 a.m.20 views

WordPress Ninja Forms File Uploads Extension Plugin <= 3.3.16 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms File Uploads Extension Type Plugin Vulnerable versions = 3.3.16 Fixed in 3.3.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1596 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 261b89d2f6fa Credi...

7.2CVSS5.7AI score0.00403EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/17 6:30 a.m.16 views

CVE-2023-23645 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2...

9.9CVSS7.1AI score0.00975EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/29 9:2 a.m.31 views

CVE-2023-45751 WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)

Improper Control of Generation of Code 'Code Injection' vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3...

9.1CVSS9.6AI score0.00577EPSS
Exploits0References1
NVD
NVD
added 2023/10/25 6:17 p.m.11 views

CVE-2023-45750

Unauth. Reflected Cross-Site Scripting XSS vulnerability in POSIMYTH Nexter Extension plugin = 2.0.3 versions...

7.1CVSS6.2AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2023/10/12 12:15 p.m.12 views

CVE-2023-23737

Unauth. SQL Injection SQLi vulnerability in MainWP MainWP Broken Links Checker Extension plugin = 4.0 versions...

9.8CVSS9.8AI score0.006EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 12:15 p.m.4 views

CVE-2023-23651

Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP Google Analytics Extension plugin = 4.0.4 versions...

8.8CVSS5.8AI score0.00578EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/12 11:31 a.m.13 views

CVE-2023-23737 WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection

Unauth. SQL Injection SQLi vulnerability in MainWP MainWP Broken Links Checker Extension plugin = 4.0 versions...

9.3CVSS8.2AI score0.006EPSS
Exploits0References1
Prion
Prion
added 2023/07/18 1:15 p.m.17 views

Sql injection

Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP MainWP Maintenance Extension plugin = 4.1.1 versions...

6.5CVSS9.1AI score0.00772EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/07/18 12:42 p.m.63 views

CVE-2023-23660

MainWP Maintenance Extension for WordPress is affected up to version 4.1.1 with an authenticated (subscriber) SQL Injection vulnerability. The root cause is a SQLi in the plugin that can be triggered by a subscriber. Fixed in version 4.1.2; upgrade to mitigate. Patchstack also lists high risk (CV...

8.8CVSS9.1AI score0.00772EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/23 5:44 p.m.15 views

jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin

A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for...

4.3CVSS5.7AI score0.00503EPSS
Exploits0References5
Veracode
Veracode
added 2023/05/30 8:5 a.m.29 views

Improper Validation

Jenkins Email Extension Plugin is vulnerable to Improper Validation. The vulnerability exists due to lack of form validations which allows an attacker to gain read access to the email-templates/ file directory...

4.3CVSS6.7AI score0.00503EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2023/05/17 5:27 a.m.30 views

CVE-2023-32979

A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for...

4.3CVSS6.1AI score0.00503EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/05/17 5:27 a.m.27 views

CVE-2023-32980

A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker...

4.3CVSS6.2AI score0.00368EPSS
Exploits0References4
OSV
OSV
added 2023/05/16 6:30 p.m.66 views

GHSA-6GP4-2F92-J2W5 Jenkins Email Extension Plugin missing permission check

Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller fi...

4.3CVSS4.6AI score0.00503EPSS
Exploits0References2
OSV
OSV
added 2023/05/16 6:30 p.m.42 views

GHSA-2F89-66V2-9P53 Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability

Jenkins Email Extension Plugin 2.96 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This allows attackers to make another user stop watching an attacker-specified job. Email Extension Plugin 2.96.1 requires POST reques...

4.3CVSS4.7AI score0.00368EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/05/16 6:30 p.m.35 views

Jenkins Email Extension Plugin missing permission check

Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller fi...

4.3CVSS6.6AI score0.00503EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/05/16 4:15 p.m.27 views

CVE-2023-32979

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...

4.3CVSS6.8AI score
Exploits0References1
NVD
NVD
added 2023/05/16 4:15 p.m.42 views

CVE-2023-32979

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...

4.3CVSS5.5AI score0.00503EPSS
Exploits0References1
NVD
NVD
added 2023/05/16 4:15 p.m.26 views

CVE-2023-32980

A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...

4.3CVSS5.6AI score0.00368EPSS
Exploits0References1
OSV
OSV
added 2023/05/16 4:15 p.m.23 views

CVE-2023-32980

A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...

4.3CVSS7AI score
Exploits0References1
Rows per page
Query Builder