Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-31725
Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-31726
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.9 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Plugin ElementsCSS Addons for Elementor versions <= 1.0.8.9...
WordPress Pin Generator Plugin <= 2.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata in WordPress Plugin Pin Generator versions <= 2.0.0...
WordPress DobsonDev Shortcodes plugin <= 2.1.12 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DobsonDev Shortcodes versions <= 2.1.12...
CVE-2025-31872 WordPress WP Clone any post type Plugin <= 3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type (wp-clone-any-post-type) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Clone any post type: from n/a through <= 3.6...
CVE-2025-31865 WordPress CartBoss plugin <= 4.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in CartBoss CartBoss (cartboss) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CartBoss: from n/a through <= 4.1.2...
CVE-2025-31835 WordPress WP Plugin Info Card plugin <= 5.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brice Capobianco WP Plugin Info Card (wp-plugin-info-card) allows DOM-Based XSS. This issue affects WP Plugin Info Card: from n/a through <= 5.3.0...
CVE-2025-30782 WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Download Lite (subscribe-to-download-lite) allows PHP Local File Inclusion. This issue affects Subscribe to Download Lite: from n/a through <= 1.2.9...
CVE-2025-30548 WordPress Advanced Post Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VarDump s.r.l. Advanced Post Search (advanced-post-search) allows Reflected XSS. This issue affects Advanced Post Search: from n/a through <= 1.1.0...
WordPress plugin mb.YTPlayer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-30883 WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in richplugins Trust.Reviews (fb-reviews-widget) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trust.Reviews: from n/a through <= 2.3...
CVE-2025-30833 WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D (verge3d) allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through <= 4.8.2...
CVE-2024-13889 WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
GHSA-V2RR-FHV8-MX74 wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting
The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-13710
The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebudsettings' page. This makes it possible for unauthenticated attackers to update...
CVE-2024-10472
The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress plugin WP-Advanced-Search security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Easy 301 Redirects cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...