
167 matches found

CVE
added 2023/04/16 8:8 a.m. | 49 views

CVE-2023-22687

The CVE-2023-22687 entry applies to the Freesoul Deactivate Plugins – Plugin manager and cleanup plugin for WordPress, affecting versions

CVSS 7.5 | AI score 5.7 | EPSS 0.00555
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/04/16 8:8 a.m. | 13 views

CVE-2023-22687 WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup Plugin <= 1.9.4.0 is vulnerable to Sensitive Data Exposure

Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions...

CVSS 3.7 | AI score 7.7 | EPSS 0.00555
Exploits 0 | References 1
RedHat Linux
added 2023/04/12 12:2 p.m. | 2 views

Jenkins: XSS vulnerability in plugin manager

A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS)...

CVSS 9.6 | AI score 7.3 | EPSS 0.02384
Exploits 0 | References 5
NVD
added 2023/03/27 4:15 p.m. | 11 views

CVE-2023-1088

The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVSS 4.3 | AI score 4.6 | EPSS 0.00106
Exploits 2 | References 1
OSV
added 2023/03/27 4:15 p.m. | 0 views

CVE-2023-1088

The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVSS 4.3 | AI score 6.6
Exploits 0 | References 1
Prion
added 2023/03/27 4:15 p.m. | 11 views

Cross site request forgery (csrf)

The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVSS 4.3 | AI score 4.6 | EPSS 0.00106
Exploits 2 | References 1 | Affected Software 1
CVE
added 2023/03/27 3:37 p.m. | 55 views

CVE-2023-1088

CVE-2023-1088 affects WP Plugin Manager for WordPress prior to 1.1.8. The root cause is missing CSRF validation on plugin activation, enabling CSRF attackers to trigger activation of arbitrary plugins by logged-in admins. Public details consistently identify the vulnerable release range and the f...

CVSS 4.3 | AI score 4.5 | EPSS 0.00106
Exploits 2 | References 1 | Affected Software 1
Vulnrichment
added 2023/03/27 3:37 p.m. | 9 views

CVE-2023-1088 WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF

The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

AI score 4.6 | EPSS 0.00106
Exploits 2 | References 1
CNNVD
added 2023/03/27 12:0 a.m. | 3 views

WordPress plugin WP Plugin Manager cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 | AI score 6.2 | EPSS 0.00106
Exploits 2 | References 2
Positive Technologies
added 2023/03/27 12:0 a.m. | 2 views

PT-2023-16743 · WordPress · Wp Plugin Manager

Name of the Vulnerable Software and Affected Versions: WP Plugin Manager versions prior to 1.1.8. Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVSS 4.3 | AI score 8.8 | EPSS 0.00106
Exploits 2 | References 4
RedhatCVE
added 2023/03/13 8:42 a.m. | 47 views

CVE-2023-27898

A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS)...

CVSS 8.8 | AI score 5.9 | EPSS 0.02384
Exploits 0 | References 4
OpenVAS
added 2023/03/09 12:0 a.m. | 26 views

Jenkins XSS Vulnerability (CVE-2023-27898) - Linux

Jenkins is prone to a cross-site scripting (XSS) vulnerability in plugin manager. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program...

CVSS 9.6 | AI score 9.1 | EPSS 0.02384
Exploits 0 | References 1
Tenable Nessus
added 2023/03/09 12:0 a.m. | 66 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.8 Multiple Vulnerabilities (CloudBees Security Advisory 2023-03-08)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.8. It is, therefore, affected by multiple vulnerabilities including the following: - DoS vulnerability in bundled Apache Commons FileUpload library (CVE-2023-24998,...

CVSS 9.6 | AI score 7.5 | EPSS 0.339
Exploits 1 | References 9
OpenVAS
added 2023/03/09 12:0 a.m. | 25 views

Jenkins XSS Vulnerability (CVE-2023-27898) - Windows

Jenkins is prone to a cross-site scripting (XSS) vulnerability in plugin manager. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program...

CVSS 9.6 | AI score 9.1 | EPSS 0.02384
Exploits 0 | References 1
The Hacker News
added 2023/03/08 4:30 p.m. | 2 views

Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks

A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively...

CVSS 9.6 | AI score 7.1 | EPSS 0.04413
Exploits 0
Patchstack
added 2023/03/02 12:0 a.m. | 8 views

WordPress WP Plugin Manager Plugin < 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Plugin Manager; Type: Plugin; Vulnerable versions: < 1.1.8; Fixed in: 1.1.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-1088; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: d16b9d1e38fc; Credits: WPScan; Required...

CVSS 4.3 | AI score 6.9 | EPSS 0.00106
Exploits 2 | References 3 | Affected Software 1
wpexploit
added 2023/02/28 12:0 a.m. | 158 views

WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack. fetch('https://example.com/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type':...

CVSS 4.3 | AI score 5.6 | EPSS 0.00106
Exploits 2
NVD
added 2023/01/27 6:15 p.m. | 12 views

CVE-2022-48008

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 9.8 | AI score 9.6 | EPSS 0.0576
Exploits 1 | References 1
OSV
added 2023/01/27 6:15 p.m. | 14 views

CVE-2022-48008

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 9.8 | AI score 9.6
Exploits 0 | References 1
Prion
added 2023/01/27 6:15 p.m. | 4 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.5 | AI score 9.6 | EPSS 0.0576
Exploits 1 | References 1 | Affected Software 1