1698 matches found

ATTACKERKB
added 2022/04/07 10:58 a.m. · 1 views

CVE-2022-27845

Authenticated admin or higher user role Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics WordPress plugin = 1.2.2...

CVSS 4.8 · AI score 5 · EPSS 0.00498
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/03/29 12:0 a.m. · 5 views

PT-2022-18832 · Jenkins · Jenkins Bitbucket Server Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Server Integration Plugin versions 3.1.0 and earlier
Description: The issue allows attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers due to a lack of permission checks in several...

CVSS 5.5 · AI score 5.3 · EPSS 0.00052
Exploits 0 · References 8
CNNVD
added 2022/03/28 12:0 a.m. · 5 views

WordPress plugin Translate WordPress with GTranslate cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. The WordPress Translate WordPress with GTranslate plugin version 2.9.9 is vulnerable to cross-site request forgery. The vulnerability...

CVSS 8.8 · AI score 5.4 · EPSS 0.003
Exploits 1 · References 2
CNNVD
added 2022/03/28 12:0 a.m. · 3 views

WordPress plugin WordPress File Upload Free and Pro path traversal vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A path traversal vulnerability exists in the WordPress Fil...

CVSS 8.8 · AI score 6 · EPSS 0.01715
Exploits 2 · References 3
Vulnrichment
added 2022/03/25 6:2 p.m. · 6 views

CVE-2022-25611 WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject a malicious script by using the vulnerable parameter &customaddseg...

CVSS 4.1 · AI score 4.4 · EPSS 0.0022
Exploits 0 · References 2
CNNVD
added 2022/03/22 12:0 a.m. · 2 views

WordPress Easy Social Icons plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Easy Social Icons plugin prior to 3.2.1, which stems from the...

CVSS 4.8 · AI score 5.5 · EPSS 0.00206
Exploits 2 · References 3
ATTACKERKB
added 2022/03/15 5:15 p.m. · 2 views

CVE-2022-27214

A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 · AI score 5.8 · EPSS 0.00172
Exploits 0 · References 3
ATTACKERKB
added 2022/03/15 5:15 p.m. · 2 views

CVE-2022-27209

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credential IDs of credentials stored in Jenkins...

CVSS 6.5 · AI score 5.9 · EPSS 0.00065
Exploits 0 · References 3
Positive Technologies
added 2022/03/15 12:0 a.m. · 2 views

PT-2022-18294 · Jenkins · Jenkins Global-Build-Stats Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins global-build-stats Plugin versions 1.5 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because multiple fields in the chart configuration on the 'Global Build Stats' page are...

CVSS 4.8 · AI score 4.6 · EPSS 0.00213
Exploits 0 · References 8
Positive Technologies
added 2022/03/15 12:0 a.m. · 2 views

PT-2022-18288 · Jenkins · Jenkins Semantic Versioning Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Semantic Versioning Plugin versions 1.13 and earlier; Jenkins versions 2.318 and earlier; Jenkins LTS versions 2.303.2 and earlier
Description: The issue allows attackers to control agent processes and have Jenkins parse a crafted file,...

CVSS 7.1 · AI score 6.3 · EPSS 0.01271
Exploits 0 · References 7
CNNVD
added 2022/03/07 12:0 a.m. · 2 views

WordPress plugin log information disclosure vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. WordPress CorreosExpress plugin 2.6.0 and previous...

CVSS 5.3 · AI score 5.7 · EPSS 0.00277
Exploits 2 · References 2
CNNVD
added 2022/03/07 12:0 a.m. · 3 views

WordPress Custom Content Shortcode plugin access control error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. A WordPress plugin is an application plugin for WordPress. WordPress Custom Content Shortcode plugin versions prio...

CVSS 4.3 · AI score 5.6 · EPSS 0.00227
Exploits 2 · References 2
CNNVD
added 2022/02/28 12:0 a.m. · 3 views

WordPress cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions of the WordPress Post Snippets plugin prior to 3.1.4, which stems fro...

CVSS 9.6 · AI score 5.9 · EPSS 0.00149
Exploits 2 · References 2
CNNVD
added 2022/02/28 12:0 a.m. · 2 views

WordPress plugin path traversal vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in WordPress Drag & Drop Contact Form Plugin 1.0.5 and earlier...

CVSS 4.9 · AI score 5.9 · EPSS 0.00846
Exploits 1 · References 2
CNNVD
added 2022/02/28 12:0 a.m. · 1 views

WordPress information disclosure vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Emails and Alerts plugin prior to 1.8.7. The vulnerability stems from the failure of the custom WordPress Emails and Alerts...

CVSS 4.3 · AI score 5.5 · EPSS 0.00093
Exploits 2 · References 2
CNNVD
added 2022/02/22 12:0 a.m. · 4 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Header Footer Code Manager plugin 1.1.16 and previous versions have a cross-site scripting vulnerability that can...

CVSS 6.1 · AI score 5.7 · EPSS 0.0021
Exploits 2 · References 5
Positive Technologies
added 2022/02/15 12:0 a.m. · 4 views

PT-2022-17134 · Jenkins · Jenkins Autonomiq Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins autonomiq Plugin versions 1.15 and earlier
Description: A cross-site request forgery (CSRF) vulnerability exists due to the lack of permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to ...

CVSS 8.8 · AI score 8.5 · EPSS 0.00055
Exploits 0 · References 5
ATTACKERKB
added 2022/01/12 8:15 p.m. · 4 views

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...

CVSS 8.1 · AI score 5.8 · EPSS 0.01379
Exploits 0 · References 3
CNNVD
added 2021/12/27 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Gwolle Guestbook plugin has a cross-site scripting vulnerability in versions prior to 4.2.0, which stems from...

CVSS 6.1 · AI score 5.6 · EPSS 0.0021
Exploits 2 · References 1
CNNVD
added 2021/12/15 12:0 a.m. · 2 views

WordPress access control error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Image Hover Effects Ultimate plugin 9.6.1 and earlier versions have a security vulnerability that can ...

CVSS 9.8 · AI score 5.6 · EPSS 0.68275
Exploits 1 · References 2