1698 matches found
CVE-2022-43429
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...
CVE-2022-2574
The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-23930 · Unknown · Wha Crossword Plugin
Name of the Vulnerable Software and Affected Versions: WHA Crossword plugin version 1.1.10 and earlier Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with contributor or higher privileges can inject malicious script...
Jenkins NS-ND Integration Performance Publisher Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-20734 · WordPress · Translate Multilingual Sites
Name of the Vulnerable Software and Affected Versions: Translate Multilingual sites WordPress plugin versions prior to 2.3.3 Description: The issue allows for an authenticated SQL injection. This can be achieved by adding a new language via the settings page, containing specific special character...
WordPress plugin Culture Object 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2022-23982 · Galerio & Urda · Better Delete Revision
Name of the Vulnerable Software and Affected Versions: Galerio & Urda's Better Delete Revision plugin version 1.6.1 and earlier Description: The issue is related to an Authenticated Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially inject malicious...
CVE-2022-36282
Authenticated editor+ Stored Cross-Site Scripting XSS vulnerability in Roman Pronskiy's Search Exclude plugin = 1.2.6 at WordPress...
CVE-2022-34658
Multiple Authenticated contributor+ Persistent Cross-Site Scripting XSS vulnerabilities in W3 Eden Download Manager plugin = 3.2.48 at WordPress...
CVE-2022-36389 WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WordPlus Better Messages plugin = 1.9.9.148 at WordPress...
CVE-2021-36852
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking plugin = 1.10.5 at WordPress...
PT-2022-17629 · WordPress · Auto-Hyperlink Urls
Name of the Vulnerable Software and Affected Versions: Auto-hyperlink URLs WordPress plugin versions through 5.4.1 Description: The issue allows for Tab Nabbing, giving the target site access to the source tab through the window.opener DOM object, because the plugin does not set rel="noopener...
PT-2022-16264 · WordPress · Easy Student Results
Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue concerns a lack of authorization in the REST API of the Easy Student Results WordPress plugin. This allows unauthenticated users to retrieve sensitive...
WordPress plugin Trending/Popular Post Slider and Widget 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...
PT-2022-4020 · Jenkins · Jenkins Compuware Source Code Download For Endevor +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware...
Jenkins Google Cloud Backup Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-5099 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: A missing permission check in the Jenkins OpenShift Deployer Plugin allows attackers with Overall/Read permission to check for the existence of an attacker-specified fi...
WordPress plugin Shareaholic 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plug-in. An information disclosure...
WordPress plugin Button Widget Smartsoft 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...