366 matches found
PT-2025-1932 · WordPress · Bulk Me Now!
Name of the Vulnerable Software and Affected Versions: Bulk Me Now! WordPress plugin versions 2.0 and earlier
Description: The issue is the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
Recommendations...
WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
Overview: WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability (CWE-79). Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
PT-2025-1954 · WordPress · Social Share Buttons
Name of the Vulnerable Software and Affected Versions: Social Share Buttons for WordPress versions 2.7 and earlier
Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for exampl...
GHSA-FPW7-8GJC-JWQJ Cache confusion in Jenkins Eiffel Broadcaster Plugin
The Jenkins Eiffel Broadcaster Plugin allows events published to RabbitMQ to be signed using certificate credentials. To improve performance, the plugin caches some data from the credential. Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key. Thi...
PT-2025-5356 · Jenkins · Jenkins Bitbucket Server Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Server Integration Plugin versions 2.1.0 through 4.1.3
Description: The issue allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. This is due to an overly permissive...
PT-2025-3824 · Themeisle · Orbit Fox
Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle plugin for WordPress versions up to, and including, 2.10.43
Description: The issue is Stored Cross-Site Scripting via the plugin's Pricing Table widget due to insufficient input sanitization and output escapi...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative (SUSE-SU-2024:4407-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4407-1 advisory.
- CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java...
CVE-2024-10637
The CVE concerns the Gutenberg Blocks with AI by Kadence WP WordPress plugin (before 3.2.54). It states that some block options are not properly validated or escaped before being output in the page or post where the block is embedded, enabling Stored Cross-Site Scripting. Affected surface: authenticate...
CVE-2024-10480
The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
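The two CSRF entries above (Bulk Me Now! and 3DPrint Lite) describe the same defect class: a settings-update handler that acts on any POST request from a logged-in admin, with no proof that the request originated from the plugin's own form. The following is an added example, not code from either plugin, contrasting a handler with no CSRF check against one that verifies a WordPress nonce and the caller's capability. The option name, action name and nonce name are hypothetical.

```php
<?php
// Added example (not code from 3DPrint Lite, Bulk Me Now! or any plugin listed
// on this page). Option name, action name and nonce name are hypothetical.

// VULNERABLE: any request carrying the expected POST field updates the option.
// A logged-in admin who visits an attacker page that auto-submits a form to
// admin-post.php?action=example_save_settings changes the setting unknowingly.
function example_save_settings_vulnerable() {
    if ( isset( $_POST['example_api_key'] ) ) {
        update_option( 'example_api_key', sanitize_text_field( wp_unslash( $_POST['example_api_key'] ) ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}

// HARDENED: require a capability and a valid nonce before touching the option.
function example_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() verifies the nonce emitted by wp_nonce_field() and
    // dies if it is missing or invalid. The nonce is bound to the logged-in
    // user and the action string, so a cross-site form cannot supply it.
    check_admin_referer( 'example_save_settings', 'example_nonce' );
    if ( isset( $_POST['example_api_key'] ) ) {
        update_option( 'example_api_key', sanitize_text_field( wp_unslash( $_POST['example_api_key'] ) ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings_hardened' );

// The matching settings form must emit the nonce field with the same action
// string and field name that check_admin_referer() expects.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="example_api_key"
               value="<?php echo esc_attr( get_option( 'example_api_key', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When auditing a plugin for this class of bug, look for every `update_option()`, `delete_option()` or similar state change reachable from an `admin_post_*`, `wp_ajax_*` or `admin_init` handler and confirm that a `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()` call guards it; a capability check alone does not stop CSRF, because the victim admin already has the capability.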
PT-2024-35857 · WordPress · Wp Mermaid
Name of the Vulnerable Software and Affected Versions: WP Mermaid versions 1.0.2 and earlier
Description: The issue is improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means an attacker can inject malicious scripts into the...
PT-2024-16482
Name of the Vulnerable Software and Affected Versions: YaDisk Files WordPress plugin versions 1.2.5 and earlier
Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
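The Kadence Blocks, WP Mermaid and YaDisk Files entries above all describe stored XSS from the same pattern: user-supplied block options or shortcode attributes are written into the rendered page without being escaped for the HTML context they land in. The following is an added example, not code from any of those plugins, showing a shortcode handler that interpolates attributes raw next to one that restricts attributes to a known set and escapes each for its output context. The shortcode name and attribute names are hypothetical.

```php
<?php
// Added example (not code from YaDisk Files, WP Mermaid, Kadence Blocks or any
// plugin listed on this page). Shortcode and attribute names are hypothetical.

// VULNERABLE: attributes go straight into the HTML. A user allowed to write
// posts but lacking unfiltered_html can store, for example,
//   [example_link href='x" onmouseover="alert(1)' label='<img src=x onerror=alert(1)>']
// and the script then runs for every visitor who views the post.
function example_link_shortcode_vulnerable( $atts ) {
    $href  = isset( $atts['href'] ) ? $atts['href'] : '';
    $class = isset( $atts['class'] ) ? $atts['class'] : 'example-link';
    $label = isset( $atts['label'] ) ? $atts['label'] : '';
    return '<a href="' . $href . '" class="' . $class . '">' . $label . '</a>';
}

// HARDENED: shortcode_atts() drops attributes not in the defaults, then each
// value is escaped for the context it is emitted into:
//   esc_url()  for the href (returns '' for javascript: and other schemes not
//              in WordPress's allowed-protocol list),
//   esc_attr() for attribute values (encodes quotes, <, >, &),
//   esc_html() for element text content.
function example_link_shortcode_hardened( $atts ) {
    $atts = shortcode_atts(
        array(
            'href'  => '',
            'class' => 'example-link',
            'label' => '',
        ),
        $atts,
        'example_link'
    );
    if ( '' === $atts['href'] ) {
        return '';
    }
    return sprintf(
        '<a href="%s" class="%s">%s</a>',
        esc_url( $atts['href'] ),
        esc_attr( $atts['class'] ),
        esc_html( $atts['label'] )
    );
}
add_shortcode( 'example_link', 'example_link_shortcode_hardened' );
```

The escaping function has to match the sink: `esc_attr()` inside a quoted attribute, `esc_html()` between tags, `esc_url()` for `href`/`src`, and `wp_kses_post()` only where a limited HTML subset is genuinely intended. Sanitising on input (for example with `sanitize_text_field()`) is not a substitute, since the stored value can be rendered into several contexts later.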
PT-2024-15984 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar WordPress plugin versions prior to 10.6.3
Description: The WP Booking Calendar WordPress plugin does not properly sanitise and escape some of its Widgets settings. This could allow high-privilege...
PT-2024-28188 · Upqode · Upqode Plum: Spin Wheel & Email Pop-Up
Name of the Vulnerable Software and Affected Versions: Upqode Plum: Spin Wheel & Email Pop-up versions n/a through 2.0
Description: The issue affects the Upqode Plum: Spin Wheel & Email Pop-up plugin, allowing access to functionality not properly constrained by ACLs, and stored XSS...
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
Overview: WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities listed below.
- SQL injection (CWE-89): CVE-2024-42404
- Cross-site scripting (CWE-79): CVE-2024-45366
Shogo Kumamaru of LAC CyberLink Co., Ltd. reported these vulnerabilities to IPA. JPCERT/CC...
RHSA-2018:3618 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...
RHSA-2018:0520 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...
RHSA-2016:1079 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...
RHSA-2015:1086 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...
RHSA-2015:0697 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...
RHSA-2014:1852 Red Hat Security Advisory: flash-plugin security update
Bulletin has no description...