
1698 matches found

Positive Technologies
added 2021/11/12 12:0 a.m. · 2 views

PT-2021-23883 · Jenkins · Jenkins Squash Tm Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher Squash4Jenkins Plugin versions 1.0.0 and earlier. Description: The issue allows attackers who can control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled...

CVSS 8.1 · AI score 8 · EPSS 0.00125
Exploits 0 · References 8

CNNVD
added 2021/11/01 12:0 a.m. · 5 views

WordPress Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cool Tag Cloud plugin in versions prior to 2.26 suffers from a cross-site scripting vulnerability...

CVSS 5.4 · AI score 5.6 · EPSS 0.0018
Exploits 2 · References 1

OSV
added 2021/10/11 11:15 a.m. · 2 views

CVE-2021-24577

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS...

CVSS 5.4 · AI score 5.8 · EPSS 0.00368
Exploits 2 · References 1

OSV
added 2021/09/27 4:15 p.m. · 2 views

CVE-2021-36874

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin versions = 2.0.5...

CVSS 8.8 · AI score 7.3 · EPSS 0.01005
Exploits 1 · References 2

CNNVD
added 2021/09/10 12:0 a.m. · 1 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. The WordPress plugin WP Design Maps & Places...

CVSS 6.1 · AI score 6.2 · EPSS 0.0021
Exploits 1 · References 4

OSV
added 2021/09/09 12:15 p.m. · 3 views

CVE-2021-36871

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 2

OSV
added 2021/08/16 7:15 p.m. · 3 views

CVE-2021-34663

The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...

CVSS 6.1 · AI score 6.4 · EPSS 0.0021
Exploits 1 · References 2

Vulnrichment
added 2021/08/16 6:47 p.m. · 6 views

CVE-2021-34641 SEOPress <= 5.0.0 – 5.0.3 Authenticated Stored Cross-Site Scripting

The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3...

CVSS 6.4 · AI score 6.2 · EPSS 0.00348
Exploits 2 · References 2

CNNVD
added 2021/08/16 12:0 a.m. · 0 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

CVSS 6.1 · AI score 5.9 · EPSS 0.00099
Exploits 2 · References 1

CNNVD
added 2021/08/16 12:0 a.m. · 1 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up a personal blog site on a server with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. version before Light Messages WordPress plugin 1...

CVSS 6.1 · AI score 5.4 · EPSS 0.00099
Exploits 2 · References 2

CNNVD
added 2021/08/09 12:0 a.m. · 1 views

WordPress SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress plugin The Stock in & out 1.0.4 and earlier...

CVSS 8.8 · AI score 8.1 · EPSS 0.00532
Exploits 2 · References 3

CNNVD
added 2021/07/30 12:0 a.m. · 2 views

WordPress Plugin Code Injection Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A code injection vulnerability exists in the...

CVSS 6.1 · AI score 6.4 · EPSS 0.02674
Exploits 2 · References 2

CNVD
added 2021/07/09 12:0 a.m. · 6 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress CM Download Manager, which stems from a cross-site...

CVSS 6.1 · AI score 5.6 · EPSS 0.00511
Exploits 0 · References 1

Positive Technologies
added 2021/06/30 12:0 a.m. · 2 views

PT-2021-14716 · Jenkins · Jenkins Cas Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CAS Plugin versions 1.6.0 and earlier. Description: The issue improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks by having users go to a Jenkins URL...

CVSS 6.1 · AI score 6.1 · EPSS 0.00077
Exploits 0 · References 9

CNNVD
added 2021/06/21 12:0 a.m. · 3 views

WordPress Race Condition Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Autoptimize plugin versions prior to 2.7.8, which allows an...

CVSS 8.1 · AI score 7.6 · EPSS 0.00485
Exploits 2 · References 1

WPVulnDB
added 2021/06/07 12:0 a.m. · 11 views

Recently < 3.0.5 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue PoC POST /wp-admin/options-general.php?page=recently=tools HTTP/1.1 Accept:...

AI score 0.3
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2021/05/25 12:0 a.m. · 1 views

Jenkins Code Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. An XML external entity...

CVSS 8.8 · AI score 6 · EPSS 0.00163
Exploits 0 · References 4

CNNVD
added 2021/04/12 12:0 a.m. · 3 views

WordPress Information Disclosure Vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...

CVSS 7.5 · AI score 5.6 · EPSS 0.38694
Exploits 1 · References 3

OSV
added 2021/04/05 7:15 p.m. · 3 views

CVE-2021-24150

The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF)...

CVSS 7.5 · AI score 7.1 · EPSS 0.46263
Exploits 1 · References 1

CNNVD
added 2021/04/05 12:0 a.m. · 2 views

WordPress Information Disclosure Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. A security vulnerability exists in the WordPress plugin...

CVSS 7.5 · AI score 5.7 · EPSS 0.42147
Exploits 2 · References 3