CVE-2026-24354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...

CVE-2026-24354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...

PT-2026-4250

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...

CVE-2025-66108 WordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Merlot Digital by TNC TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TNC Toolbox: Web Performance: from n/a through = 2.0.4...

CVE-2025-12539 TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...

EUVD-2022-4202

Malicious code in bioql PyPI...

CVE-2025-59587 WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through 6.1...

WordPress plugin Penci Shortcodes & Performance 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which has the ability to host personal blog sites on PHP and MySQL based servers.WordPres...

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

WordPress Marketing Performance Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Marketing Performance Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24404 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 68bd528dfd1b Credits Nithissh S Requir...

Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. NS-ND Integration Performance Publisher Plugin 4.8.0.146 no longer disables SSL/TLS certificate and...

PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier Description: The issue concerns the global and unconditional disabling of SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

PT-2022-25743 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.129 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using...

PT-2022-4032 · Jenkins · Jenkins Clif Performance Testing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CLIF Performance Testing Plugin versions 64.vc0d66de1dfb f and earlier Description: The issue is related to an arbitrary file write vulnerability. This vulnerability allows attackers with Overall/Read permission to create or replace...

org.jenkins-ci.plugins:influxdb (>=1.9 <=1.12.3) potentially affected by CVE-2021-21701 via org.jenkins-ci.plugins:performance (>=1.15 <=3.0)

org.jenkins-ci.plugins:performance MAVEN version =1.15, =1.9, =1.12.3 Source cves: CVE-2021-21701 Source advisory: OSV:GHSA-HR8P-76Q8-FXWQ...

GHSA-HR8P-76Q8-FXWQ XXE vulnerability in Jenkins Performance Plugin

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...

XXE vulnerability in Jenkins Performance Plugin

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25178 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25178 Source advisory: OSV:GHSA-5HFV-MG5X-MV32...

Jenkins code issue vulnerability (CNVD-2021-93373)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A code issue vulnerability exists in Jenkins Plugin that stems from the Performance plugin version 3.20 and earlier not...

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...