1698 matches found
WordPress plugin WP Page Builder Access Control Error Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WP Pag...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Contact Form 7 Style WordPress plugin through 3.1.9 suffers from a cross-site request forgery vulnerability that ste...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. eLearning and online course solution WordPress plugin before 1.8.3 suffers from a SQL injection vulnerability that...
WordPress GiveWP Cross-Site Scripting Vulnerability
WordPress Foundation GiveWP is an open source application system of the WordPress Foundation. It provides the functionality of an online donation system. A cross-site scripting vulnerability exists in WordPress GiveWP plugin version 2.9.7; no detailed vulnerability details are available at this time...
Jenkins Parameterized Build Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...
WordPress Blog2Social SQL Injection Vulnerability
WordPress Blog2Social is an application plugin for WordPress. It provides an automatic posting and updating feature. A SQL injection vulnerability exists in WordPress Blog2Social plugin versions prior to 6.3.1, which stems from the fact that unauthenticated input can lead to SQL injection in the...
CVE-2021-24141
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks...
WordPress Team Members Cross-Site Scripting Vulnerability
WordPress Team Members is an open source application plugin for WordPress. It provides functionality for adding a team in the administration panel. A cross-site scripting vulnerability exists in the Team Members WordPress plugin versions prior to 5.0.4. The vulnerability stems from the program not properly...
CloudBees Jenkins Support Core Plugin Information Disclosure Vulnerability
Jenkins Support Core is an open source application plugin for Jenkins. It provides the basic infrastructure for generating support information "bundles" in Jenkins. An information disclosure vulnerability exists in Jenkins Support Core Plugin version 2.72 and earlier. The vulnerability stems from the...
PT-2021-14661 · Jenkins · Jenkins Repository Connector Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.0.2 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because the plugin...
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Autoptimize Authenticated File Upload', 'Description' = %q The aoccssimport AJAX call does not ensure that the file provided is a...
WordPress Authorization Issues Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress Limit Login Attempts plugin in versions prior to 1.7.1 stems from a...
CloudBees Jenkins AWS Global Configuration Plugin Access Control Error Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An access control error...
CloudBees Jenkins Azure Key Vault Authorization Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An authorization issue...
PT-2020-15553 · Cloudbees +2 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier. Description: The issue concerns the storage of a password in an unencrypted form in the global config.xml file on the Jenkins controller. This allows users with access to the...
CVE-2020-24416
Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...
jenkins-credentials-binding-plugin: improper masking of secrets
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
PT-2020-15521 · Jenkins · Couchdb-Statistics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins couchdb-statistics Plugin versions 0.3 and earlier. Description: The issue concerns the storage of the server password in an unencrypted form in the global configuration file on the Jenkins controller. Specifically, the password is...
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
CloudBees Jenkins Liquibase Runner Code Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A security vulnerability exis...