1698 matches found
WordPress plugin Accept Stripe Payments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-34817
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
CVE-2017-20124
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
PT-2022-22357 · Jenkins · Jenkins Skype Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Skype Notifier Plugin versions 1.1.0 and earlier Description: The issue concerns the storage of a password in an unencrypted form within the global configuration file on the Jenkins controller. This password is stored in the file...
PT-2022-22344 · Jenkins · Jenkins Recipe Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Recipe Plugin version 1.2 and earlier Description: A cross-site request forgery issue allows attackers to send an HTTP request to a specified URL and parse the response as XML. Recommendations: For Jenkins Recipe Plugin version 1.2 an...
Jenkins Plugin Cisco Spark security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
CVE-2017-20099
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely...
WordPress plugin NextCellent Gallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress NextCellent Gallery plugin 1.9.35 and its previous versions are vulnerable to a cross-site scriptin...
CVE-2022-34179
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...
WordPress plugin underConstruction cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery...
CVE-2022-1790
The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1299
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-29441
Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin = 2.1.10 at WordPress allows attackers to send messages...
CVE-2022-29445
Authenticated administrator or higher role Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin = 2.1.2 at WordPress...
GHSA-6G57-H38C-Q52G Cross-Site Request Forgery in Jenkins Mailer Plugin
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...
CVE-2022-29413
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress via &title parameter...
CVE-2022-1384
CVE-2022-1384 concerns Mattermost 6.4.x and earlier, where the system fails to properly validate the version of a plugin when installed from the Marketplace. The root cause is a deficient plugin-version check, which enables an authenticated and authorized user to install and potentially exploit a...
PT-2022-13845 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier Description: The issue is related to insecure plugin handling in Mattermost, where the software fails to properly check the plugin version when a plugin is installed from the Marketplace. This allows an...
WordPress plugin Contest Gallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...