366 matches found
PT-2023-19230 · WordPress · Webarea | Vera Nedvyzhenko Simple Pdf Viewer
Name of the Vulnerable Software and Affected Versions: WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin versions = 1.9 Description: A Cross-Site Scripting (XSS) issue affects the plugin, potentially allowing unauthorized actions. The estimated number of affected devices and real-world incidents...
PT-2023-14776 · W3 Eden · Download Manager
Name of the Vulnerable Software and Affected Versions: W3 Eden, Inc. Download Manager plugin versions 3.2.59 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited without authentication, allowing for...
PT-2023-21248 · Transbank · Transbank Webpay Rest Plugin
Name of the Vulnerable Software and Affected Versions: Transbank Webpay REST plugin versions = 1.6.6 Description: The issue is related to an SQL Injection vulnerability in the Transbank Webpay REST plugin. This allows for unauthorized access and potential data manipulation. Recommendations: For...
PT-2023-14520 · WordPress · Zephilou Cyklodev Wp Notify
Name of the Vulnerable Software and Affected Versions: Zephilou Cyklodev WP Notify plugin versions 1.2.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting vulnerability that requires authentication with admin+ privileges. There is no information provided about the...
PT-2023-19559 · WordPress · Ezp Coming Soon Page
Name of the Vulnerable Software and Affected Versions: EZP Coming Soon Page plugin versions = 1.0.7.3 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For EZP Coming Soon Page plugin...
PT-2023-21259 · Unknown · Rbs Image Gallery
Name of the Vulnerable Software and Affected Versions: Rbs Image Gallery plugin versions prior to 3.2.13 Description: The issue is related to a Stored Cross-site Scripting (XSS) vulnerability. This vulnerability affects the RoboSoft Photo Gallery, Images, Slider in the Rbs Image Gallery plugin...
PT-2023-15924 · WordPress · Wcfm Frontend Manager
Name of the Vulnerable Software and Affected Versions: WCFM Frontend Manager plugin for WordPress versions up to, and including, 6.6.0 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying knowledge bases, notices, payments, managing vendors, and...
GHSA-P3W6-3F7F-PM98 Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints ...
PT-2023-15433 · WordPress · Mr Digital Simple Image Popup
Name of the Vulnerable Software and Affected Versions: Mr Digital Simple Image Popup plugin versions 1.3.6 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For Mr Digital Simple...
PT-2023-20274 · Veracode · Veracode Azure Devops Extension +2
Name of the Vulnerable Software and Affected Versions: Veracode Scan Jenkins Plugin versions prior to 23.3.19.0; Veracode Azure DevOps Extension versions prior to 3.20.0 Description: A credential-leak issue was discovered in related Veracode products. The Veracode Scan Jenkins Plugin, when...
PT-2023-18650 · WordPress · Wpsoul Greenshift
Name of the Vulnerable Software and Affected Versions: Wpsoul Greenshift – animation and page builder blocks plugin versions = 4.9.9 Description: The issue is related to an Authenticated Cross-Site Scripting (XSS) vulnerability. This means that an attacker who has authentication credentials for the...
PT-2023-21888 · WordPress · The Lead Generated Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Lead Generated WordPress Plugin version = 1.23 Description: The issue is related to an unauthenticated insecure deserialization problem. The tve labels parameter of the tve api form submit action is passed to the PHP unserialize function...
PT-2023-15415 · Unknown · Mickael Austoni Map Multi Marker
Name of the Vulnerable Software and Affected Versions: Mickael Austoni Map Multi Marker plugin versions = 3.2.1 Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially allowing them to steal user...
PT-2023-19156 · Unknown · Esstat17 Page Loading Effects
Name of the Vulnerable Software and Affected Versions: Esstat17 Page Loading Effects plugin versions prior to 2.0.0 Description: The issue is related to an Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability. This means that an attacker with administrative access could potentially inject...
PT-2023-19542 · Nsthemes · Nsthemes Advanced Social Pixel
Name of the Vulnerable Software and Affected Versions: NsThemes Advanced Social Pixel plugin versions = 2.1.1 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For NsThemes Advanced Social Pix...
PT-2023-13893 · WordPress · Dario Curvino Yasr – Yet Another Stars Rating
Name of the Vulnerable Software and Affected Versions: Dario Curvino Yasr – Yet Another Stars Rating plugin versions = 3.1.2 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website,...
PT-2023-15193 · Kesz1 Technologies · Ipblocklist Plugin
Name of the Vulnerable Software and Affected Versions: Kesz1 Technologies ipBlockList plugin versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a...
PT-2023-2258 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.270 through 2.393; Jenkins LTS versions 2.277.1 through 2.375.3 Description: The issue is related to errors in handling HTTP headers, which can allow a remote attacker to perform cross-site scripting (XSS) attacks. The...
PT-2023-14757 · Unknown · Rbs Image Gallery
Name of the Vulnerable Software and Affected Versions: Rbs Image Gallery plugin versions = 3.2.9 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which can lead to changes in galleries hierarchy, as well as the deactivation and activation of included plugins...
PT-2023-15435 · WordPress · Participants Database
Name of the Vulnerable Software and Affected Versions: Participants Database plugin versions 2.4.5 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows for list column updates. Recommendations: For versions 2.4.5 and earlier, update to a version later...