50 matches found
PT-2024-21447 · WordPress · Instawp Connect
Name of the Vulnerable Software and Affected Versions: InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress versions up to, and including, 0.1.0.22 Description: The issue is related to arbitrary file uploads due to insufficient file validation in the...
CVE-2024-28236
Vela CVE-2024-28236 describes insecure variable substitution in Vela’s pipelines (go-vela/worker) where substitution into fields such as parameters, image, and entrypoint can leak secrets by bypassing log masking. The issue arises when secrets are injected into a plugin/image and inadvertently pr...
CVE-2023-46619
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin = 1.0.15 versions...
PT-2023-29586 · Unknown · Christopher Finke Feed Statistics
Name of the Vulnerable Software and Affected Versions: Christopher Finke Feed Statistics plugin versions = 4.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...
Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version 2.6.6 tha...
@bifravst/package-layered-lambdas (>=3.11.9 <=4.1.10), @candrewsintegralblue/snyk (=0.0.4) +11 more potentially affected by CVE-2022-22984 +1 more via snyk-gradle-plugin (>=3.10.0 <=3.24.2)
snyk-gradle-plugin NPM version =3.10.0, =3.11.9, =0.5.8, =3.2.4, =5.0.0, =3.0.3-beta.1, =1.1.0, =1.2.1, =1.0.0-dev-0b3764c8bef4a5676c834063c335bfe110a00c0b, =1.39.2, =1.43.0 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKGRADLEPLUGIN-3038624...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +923 more potentially affected by CVE-2014-2064 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.532.1.JENKINS-19453)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.0, =1.0.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.1, =2.0.6 - com.cisco.step.jenkins.plugins:jenkow-parent =0.1 and more Source cves: CVE-2014-2064 Source advisory: OSV:GHSA-9VG9-X38G-9HFX...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5324 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5324 Source advisory: OSV:GHSA-5XMF-9VGR-53MJ...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +30 more potentially affected by CVE-2019-1003031 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.13)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 - org.jenkins-ci.plugins:build-blocker-plugin =1.7.3 and more Source cves:...
PT-2022-18857 · Unknown +1 · Phoenix Autotest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Phoenix AutoTest Plugin versions 1.3 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...