CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

EUVD-2024-1584

Malicious code in bioql PyPI...

EUVD-2024-50940

Malicious code in bioql PyPI...

CVE-2025-58866 WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through = 1.1...

CVE-2025-58866 WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through = 1.1...

CVE-2025-58866

CVE-2025-58866 affects WordPress Site Info (Site Info Dashboard Widget)

WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Bao BlueRock in WordPress Plugin Site Info versions = 1.1...

WordPress plugin Site Info security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2025-1401 WP Click Info <= 2.7.4 - Reflected XSS

The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress WP Click Info plugin <= 2.7.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Click Info versions = 2.7.4...

CVE-2024-12535

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...

CVE-2024-12535

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...

WordPress plugin Hack-Info 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Hack-Info versions = 3.17...

GHSA-CW5R-JX8R-9F7X Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permissio...

Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permissio...

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

PT-2024-35422 · Jenkins · Jenkins Report Info Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Report Info Plugin versions 1.2 and earlier Description: The issue arises from the lack of path validation of the workspace directory while serving report files, leading to a path traversal vulnerability. This allows attackers with...