54 matches found
EUVD-2022-34502
Malicious code in bioql PyPI...
WordPress SEO Backlink Monitor plugin <= 1.8.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin SEO Backlink Monitor (versions <= 1.8.0)...
CVE-2025-5815
The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcmmaybesetbotflags function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disable bot logging...
CVE-2025-5815 Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update
The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcmmaybesetbotflags function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disable bot logging...
CVE-2024-3269
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...
CVE-2024-10399
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsearchusers function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2023-34007
Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3...
CVE-2021-24786
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...
CVE-2015-9296
The download-monitor plugin before 1.7.1 for WordPress has XSS related to addqueryarg...
CVE-2022-4972
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...
WordPress Campaign Monitor for WordPress plugin <= 2.8.15 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Campaign Monitor for WordPress (versions <= 2.8.15)...
WordPress plugin Campaign Monitor for WordPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-24776 · WordPress · Download Monitor
Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions up to, and including, 4.9.13 Description: The issue allows unauthorized access to functionality due to a missing capability check on the dlm uninstall plugin function. This makes it possible for...
Cross-Site Scripting
org.jenkins-ci.plugins, build-monitor-plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of Build Monitor View names, which allows attackers with the ability to configure Build Monitor Views to inject malicious scripts into the view name...
PT-2024-22302 · Jenkins · Jenkins Build Monitor View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Monitor View Plugin versions 1.14-860.vd06ef2568b 3f and earlier Description: The issue results from the failure to escape Build Monitor View names, leading to a stored cross-site scripting (XSS) vulnerability. This vulnerability...
WordPress Plugin Campaign Monitor for WordPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-31219 WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.1...
CVE-2023-37942
Jenkins External Monitor Job Type Plugin 206.v9a94ff0b4a10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
WordPress Download Monitor plugin <= 4.5.97 - Authenticated Arbitrary File Download vulnerability
Authenticated Arbitrary File Download vulnerability was discovered by Raad Haddad (Cloudyrion GmbH) in the WordPress Download Monitor plugin (versions <= 4.5.97). Solution: Update the WordPress Download Monitor plugin to the latest available version (at least 4.5.98)...
PT-2022-4021 · Jenkins · Jenkins External Monitor Job Type Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins External Monitor Job Type Plugin versions 191.v363d0d1efdf8 and earlier Description: A cross-site request forgery (CSRF) vulnerability in the Jenkins External Monitor Job Type Plugin allows attackers to create runs of an external job...