13 matches found
CVE-2026-4127
The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...
CVE-2026-24968
CVE-2026-24968 – Xagio SEO WordPress plugin Privilege Escalation CVE-2026-24968 corresponds to an Incorrect Privilege Assignment vulnerability in the WordPress plugin Xagio SEO, affecting versions from n/a through
EUVD-2019-17840
Malware in sbrugna...
CVE-2024-13337 Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy'
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcrclearfy' page. This makes it possibl...
WordPress Uncomplicated SEO plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Uncomplicated SEO versions = 1.2...
Atlassian JIRA < 7.13.6 / 8.x < 8.4.0 XSS (JRASERVER-69795)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.13.6, or 8.x prior to 8.4.0. It is, therefore, affected by a cross-site scripting XSS vulnerability. The vulnerability exists in the Optimization plugin due to improper...
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
Cross site scripting
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
CVE-2019-8450
Affected software: Jira with the Optimization plugin (versions before 7.13.6 and before 8.4.0). Vulnerability: Cross-site scripting (XSS) due to improper validation of user-supplied input when exporting the name of a custom field. Impact: Authenticated, remote attacker can inject arbitrary HTML/J...
CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
XSS in various templates of the Optimization plugin - CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
XSS in various templates of the Optimization plugin - CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...