
1698 matches found

Prion
added 2023/02/03 4:15 p.m. · 16 views

Command injection

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the pluginversion parameter in the setUnloadUserData function...

7.5 CVSS · 9.8 AI score · 0.14899 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/02/03 12:0 a.m. · 2 views

PT-2023-19434 · Totolink · Totolink Ca300-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884 Description: A command injection issue was found via the plugin version parameter in the setUnloadUserData function. This allows for potential command injection attacks. Recommendations: For TOTOLINK...

9.8 CVSS · 9.7 AI score · 0.14899 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/01/23 12:0 a.m. · 1 view

WordPress plugin WP Google My Business Auto Publish cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS · 5.4 AI score · 0.00181 EPSS
Exploits: 2 · References: 2
OSV
added 2023/01/19 5:15 p.m. · 0 views

CVE-2022-40697

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in 3com – Asesor de Cookies para normativa española plugin = 3.4.3 versions...

4.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2023/01/05 12:0 a.m. · 2 views

PT-2023-10192 · Webdevstudios · Taxonomy-Switcher Plugin

Name of the Vulnerable Software and Affected Versions: WebDevStudios taxonomy-switcher Plugin versions up to 1.0.3 Description: A problematic issue was found in the WebDevStudios taxonomy-switcher Plugin, affecting the taxonomy switcher init function of the file taxonomy-switcher.php. This issue...

6.1 CVSS · 6.5 AI score · 0.00423 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2023/01/02 12:0 a.m. · 1 view

PT-2023-14259 · WordPress · Wp Rss By Publishers

Name of the Vulnerable Software and Affected Versions: WP RSS By Publishers WordPress plugin version 0.1 Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high...

7.2 CVSS · 7.9 AI score · 0.00537 EPSS
Exploits: 2 · References: 6
Positive Technologies
added 2022/12/26 12:0 a.m. · 2 views

PT-2022-25998 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1; Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1. Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...

6.5 CVSS · 6.5 AI score · 0.00583 EPSS
Exploits: 2 · References: 6
Vulnrichment
added 2022/12/12 12:0 a.m. · 10 views

CVE-2021-4244 yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...

2.6 CVSS · 6.2 AI score · 0.00289 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2022/12/12 12:0 a.m. · 3 views

PT-2022-24842 · WordPress · Buddybadges

Name of the Vulnerable Software and Affected Versions: buddybadges WordPress plugin versions 1.0.0 and earlier Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by...

7.2 CVSS · 7.1 AI score · 0.00769 EPSS
Exploits: 2 · References: 5
Positive Technologies
added 2022/12/07 12:0 a.m. · 7 views

PT-2022-27949 · Jenkins · Jenkins Git Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Gitea Plugin versions 1.4.4 and earlier Description: The implementation of Gitea personal access tokens in the Jenkins Gitea Plugin did not support credentials masking, potentially exposing them through the build log. Administrators w...

4.3 CVSS · 4.4 AI score · 0.00172 EPSS
Exploits: 0 · References: 9
OSV
added 2022/12/06 3:15 p.m. · 2 views

CVE-2022-40209

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Xylus Themes WP Smart Import plugin = 1.0.2 on WordPress...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1
CNNVD
added 2022/11/29 12:0 a.m. · 2 views

WordPress plugin WP Affiliate Platform cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

8.8 CVSS · 6.8 AI score · 0.00166 EPSS
Exploits: 0 · References: 4
OSV
added 2022/11/18 11:15 p.m. · 1 view

CVE-2022-40216

Auth. subscriber+ Messaging Block Bypass vulnerability in Better Messages plugin = 1.9.10.69 on WordPress...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2022/11/18 12:0 a.m. · 2 views

PT-2022-27292 · Unknown · Creative Mail

Name of the Vulnerable Software and Affected Versions: Creative Mail plugin versions prior to 1.5.5 Description: The issue concerns Multiple Cross-Site Request Forgery CSRF vulnerabilities. Recommendations: For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue...

8.8 CVSS · 8.8 AI score · 0.00109 EPSS
Exploits: 0 · References: 4
OSV
added 2022/11/17 11:15 p.m. · 2 views

CVE-2022-40694

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in News Announcement Scroll plugin = 8.8.8 on WordPress...

4.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1
OSV
added 2022/11/15 8:15 p.m. · 2 views

CVE-2022-45399

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 2
OSV
added 2022/11/15 2:15 p.m. · 2 views

CVE-2022-3240

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...

8.8 CVSS · 5.6 AI score · 0.00307 EPSS
Exploits: 1 · References: 2
CNNVD
added 2022/11/15 12:0 a.m. · 1 view

Jenkins Plugin JAPEX code issue vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...

9.8 CVSS · 8.3 AI score · 0.03285 EPSS
Exploits: 0 · References: 6
OSV
added 2022/11/08 7:15 p.m. · 1 view

CVE-2022-42494

Server Side Request Forgery SSRF vulnerability in All in One SEO Pro plugin = 4.2.5.1 on WordPress...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 2
CNNVD
added 2022/10/25 12:0 a.m. · 3 views

WordPress plugin Spam protection SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogs on PHP and MySQL servers. ghost is a plugin for importing/exporting WordPress data, and WordPress plugin is an...

7.2 CVSS · 7.2 AI score · 0.00618 EPSS
Exploits: 2 · References: 2