5 matches found
CVE-2026-39706
CVE-2026-39706 concerns the WordPress plugin Make My Trivia (vulnerable through 1.1.0). The issue is described as a Missing Authorization vulnerability that allows exploitation of incorrectly configured access control levels, affecting Make My Trivia versions up to and including 1.1.0. The CVE is...
CVE-2023-22709
Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions...
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file syste...
Missing SSH host key validation in Mac Plugin
Mac Plugin 1.1.0 and earlier does not use SSH host key validation when connecting to Mac Cloud host launched by the plugin. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. Mac Plugin 1.2.0 validates SSH host keys when...
GHSA-VC42-MGR2-W34R Modoboa is vulnerable to an XML External Entity Injection (XXE)
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...