116 matches found
CVE-2024-12501
CVE-2024-12501 concerns the WordPress Simple Locator plugin (versions up to 2.0.3) with Stored XSS via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; an attacker can inject scripts that ex...
CVE-2024-11052
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress CollectChat plugin < 2.4.4 - Admin+ XSS vulnerability
Admin+ XSS vulnerability discovered by Fourcade in WordPress Plugin collectchat versions 2.4.4...
jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS)...
WordPress Plugin SecuPress Free — WordPress Security: security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin SecuPress Free - A securit...
CVE-2024-30232
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9...
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system allows a hacker to bypass the API key and gain unauthorized access to protected information.
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the API keys and gain unauthorized access to protected information...
The vulnerability of the Jenkins NodeJS plugin, related to errors in processing user credentials in the build log, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins NodeJS plugin is related to errors in processing user credentials in the build log. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2023-0813 Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication no longer being enforced
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
WordPress Plugin Brilliance: security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-47161
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin = 1.5.1 versions...
CVE-2023-32995
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...
SUSE CVE-2009-3615
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client...
PT-2022-25528 · Unknown · Yellow Tree Geolocation Ip Detection Plugin
Name of the Vulnerable Software and Affected Versions: Yellow Tree Geolocation IP Detection Plugin (affected versions not specified). Description: A vulnerability was found in the Yellow Tree Geolocation IP Detection Plugin, classified as problematic. It affects an unknown function of the component...
The vulnerability of the Jenkins HTTP Request Plugin, related to the disclosure of information in the error data field, allows attackers to disclose the protected information.
The vulnerability of the Jenkins HTTP Request Plugin is related to the disclosure of information in the error data field. Exploiting this vulnerability allows a malicious actor to disclose the protected information remotely...
CVE-2022-1593
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have a CSRF check in place when updating its settings, and it is also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads ...
CVE-2022-0745
The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body...
VulnCheck KEV: CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious...
USN-5301-2 cyrus-sasl2 vulnerability
USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrar...
CVE-2021-36909 WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin versions <= 5.98 allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover...