46 matches found
WordPress plugin Stock History & Reports Manager for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2022-5484
Malicious code in bioql PyPI...
EUVD-2022-51392
Malicious code in bioql PyPI...
CVE-2025-10050
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
PT-2025-38096
Name of the Vulnerable Software and Affected Versions: Developer Loggers for Simple History plugin for WordPress versions prior to 0.6 Description: The Developer Loggers for Simple History plugin for WordPress is susceptible to a Local File Inclusion issue via the enabled loggers parameter. This...
CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST and...
PT-2025-24077 · WordPress · Simple History
Name of the Vulnerable Software and Affected Versions: The Simple History plugin for WordPress versions prior to 5.8.1 Description: The issue concerns sensitive data exposure due to improper sanitization within the append debug info to context function when Detective Mode is enabled. This allows...
CVE-2023-34026
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin = 3.10.1 versions...
CVE-2023-41930
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin...
CVE-2022-36887
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...
CVE-2022-4011
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. T...
CVE-2024-12617
The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and...
CVE-2024-51885 WordPress Browsing History plugin <= 1.3.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama Browsing History browsing-history allows Stored XSS. This issue affects Browsing History: from n/a through <= 1.3.1...
WordPress plugin Browsing History cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
MJ Update History <= 1.0.4 - Missing Authorization
Description The MJ Update History plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an...
CVE-2024-35671 WordPress MJ Update History plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Minoji MJ Update History. This issue affects MJ Update History: from n/a through 1.0.4...
CVE-2022-45350 WordPress Simple History plugin <= 3.3.1 - CSV Injection vulnerability
A vulnerability in Pär Thernström Simple History simple-history. This issue affects Simple History: from n/a through <= 3.3.1...
CVE-2022-45350 WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection
Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool. This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1...
XSS vulnerability in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability...
GHSA-CGH7-RGQG-HRCX Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...