590 matches found
FlatPress 跨站脚本漏洞
FlatPress is a Php-based blog builder without database support from the FlatPress community. FlatPress has a cross-site scripting vulnerability, the vulnerability stems from a problem with the function main in the fp-plugins/mediamanager/panels/panel.mediamanager.file.php file of the component...
CVE-2022-4124 Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
FlatPress < 1.3 Multiple Vulnerabilities
FlatPress is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-26366
Cross-Site Request Forgery CSRF in AdRotate Banner Manager Plugin = 5.9 on WordPress...
CVE-2022-42460
Broken Access Control vulnerability leading to Stored Cross-Site Scripting XSS in Traffic Manager plugin = 1.4.5 on WordPress...
Cross site scripting
Broken Access Control vulnerability leading to Stored Cross-Site Scripting XSS in Traffic Manager plugin = 1.4.5 on WordPress...
CVE-2022-42460
CVE-2022-42460 affects the WordPress Traffic Manager plugin up to version 1.4.5, with a Broken Access Control flaw that enables Stored Cross-Site Scripting (XSS). The root cause is insufficient access controls on the plugin, allowing stored payloads that can be executed in users with a range of p...
PT-2022-26444 · WordPress · Traffic Manager
Name of the Vulnerable Software and Affected Versions: Traffic Manager plugin versions prior to 1.4.6 Description: The issue is related to a Broken Access Control vulnerability that leads to Stored Cross-Site Scripting XSS in the Traffic Manager plugin on WordPress. Recommendations: For Traffic...
CVE-2022-42460
Broken Access Control vulnerability leading to Stored Cross-Site Scripting XSS in Traffic Manager plugin = 1.4.5 on WordPress...
CVE-2022-3126
CVE-2022-3126 concerns the WordPress plugin Frontend File Manager (prior to version 21.4). The issue is a missing CSRF check during file uploads, enabling an attacker to cause a logged-in user to upload files on the attacker’s behalf. Documented impact is limited to file upload behavior with no b...
PT-2022-20633
Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin WordPress plugin versions prior to 21.3 Description The issue allows any unauthenticated user to rename uploaded files from users. Due to the lack of validation in the destination filename, this could allow them to...
CSRF vulnerability and mM
Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials
Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...
GHSA-GHQ7-85HP-FH76 CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials
Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho...
CVE-2022-41245
A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41246
CVE-2022-41246 affects Jenkins Worksoft Execution Manager Plugin up to version 10.0.3.503. The root cause is a missing permission check, which allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, enabli...
CVE-2022-41246
A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41246
A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-41245
A cross-site request forgery CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...