PT-2023-25940 · WordPress · Sudipto Pratap Mahato Simple Light Weight Social Share

Name of the Vulnerable Software and Affected Versions: Sudipto Pratap Mahato Simple Light Weight Social Share plugin versions = 2.0 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin+ privileges can inject...

CVE-2023-27452

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Wow-Company Button Generator – easily Button Builder plugin = 2.3.3 versions...

CVE-2023-25793

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in George Pattihis Link Juice Keeper plugin = 2.0.2 versions...

CVE-2023-30530

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2023-30516

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...

CVE-2022-47431

Reflected Cross-Site Scripting XSS vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin = 2.0.14 versions...

CVE-2023-24381

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NsThemes Advanced Social Pixel plugin = 2.1.1 versions...

PT-2022-4020 · Jenkins · Jenkins Compuware Source Code Download For Endevor +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware...

CVE-2022-29445

Authenticated administrator or higher role Local File Inclusion LFI vulnerability in Wow-Company's Popup Box plugin = 2.1.2 at WordPress...

WordPress plugin Translate WordPress with GTranslate 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Translate WordPress with GTranslate plugin version 2.9.9 is vulnerable to cross-site request forgery. The vulnerability...

CloudBees Jenkins Azure Key Vault Authorization Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...

PT-2020-15341 · Jenkins · Jenkins Parasoft Environment Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Parasoft Environment Manager Plugin versions 2.14 and earlier Description: The issue allows unauthorized access to unencrypted passwords stored in job config.xml files on the Jenkins master. Users with Extended Read permission or acce...

CloudBees Jenkins TraceTronic ECU-TEST Plugin Server-Side Request Forgery Vulnerability

CloudBees Jenkins is a suite of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor ongoing software releases/testing projects and some timed tasks.TraceTronic ECU-TEST Plugin is an automated test software for embedded systems that uses... TraceTronic ECU-TEST...