1698 matches found
PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1 Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...
PT-2019-14701 · Jenkins · Jenkins Google Compute Engine Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.1.1 and earlier Description: The issue allows man-in-the-middle attacks due to the lack of SSH host key verification when connecting agents created by the plugin. This enables potential attacker...
PT-2019-11853 · Jenkins · Jenkins Mattermost Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.7.0 and earlier Description: The issue allows stored webhook URLs containing a secret token to be viewed unencrypted in the global configuration file and job config.xml files on the Jenkins...
WordPress syndication-links plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. syndication-links is a plugin used in it for adding page links. WordPress syndication-links plugin version 1.0.3 before the...
WordPress accurate-form-data-real-time-form-validation plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. accurate-form-data-real-time-form-validation is a real-time form data validation plugin used in it. A cross-site request...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
WordPress zm-gallery plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 1.0 of the WordPress zm-gallery plugin. The vulnerability stem...
WordPress kama-clic-counter plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. kama-clic-counter is a plugin that uses the page download feature in it. A SQL injection vulnerability exists in version 3.4.9 of the...
WordPress wp-whois-domain plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in version 1.0.0 of the WordPress wp-whois-domain plugin. The...
PT-2019-11791 · Jenkins · Jenkins Aqua Security Serverless Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Serverless Scanner Plugin versions 1.0.4 and earlier Description: The issue involves the transmission of configured passwords in plain text as part of job configuration forms, potentially leading to their exposure...
PT-2019-11789 · Cloudbees +1 · Jenkins Build Environment Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.146; Jenkins Build Environment Plugin versions 1.6 and earlier Description: The issue is related to a cross-site scripting vulnerability. It occurs because the Jenkins Build Environment Plugin did not properly escap...
WordPress wps-hide-login plugin security bypass vulnerability (CNVD-2019-30733)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wps-hide-login is a hide-login plugin used in it. A security vulnerability exists in WordPress wps-hide-login plugin versio...
WordPress photoblocks-grid-gallery plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. photoblocks-grid-gallery is an image gallery plugin used in it. A cross-site scripting vulnerability exists in WordPress...
CVE-2016-10935
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation...
PT-2019-7026 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.5.2 Description: The issue concerns a cross-site scripting (XSS) flaw in the booking form of the events-manager plugin. This type of flaw allows attackers to inject malicious scripts into the website,...
CVE-2016-10915
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
CVE-2017-18511
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF...
PT-2019-11777 · Jenkins · Jenkins Codefresh Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Codefresh Integration Plugin versions 1.8 and earlier Description: The issue concerns the Jenkins Codefresh Integration Plugin, which unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. This...
PT-2019-11754 · Jenkins · Jenkins Maven Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Integration Plugin versions 3.3 and earlier Description: The issue potentially reveals sensitive build variables in the build log because build log decorators are not applied to module builds. Recommendations: For Jenkins Maven...