1726 matches found
CVE-2023-37954
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a0933ae7d61 and earlier allows attackers to rebuild a previous build...
CVE-2023-36517
Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...
CVE-2023-25468
Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin = 1.0.11 versions...
PT-2023-19556 · WordPress · Scott Paterson Contact Form 7 Redirect & Thank You Page
Name of the Vulnerable Software and Affected Versions: Scott Paterson Contact Form 7 Redirect & Thank You Page plugin versions = 1.0.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing...
WordPress plugin Social Login and Register security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...
PT-2023-22141 · Pi Websolution · Pi Websolution Conditional Cart Fee Plugin
Name of the Vulnerable Software and Affected Versions: PI Websolution Conditional cart fee plugin versions 1.0.96 and earlier Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. Recommendations: For PI Websoluti...
CVE-2023-27452
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin = 2.3.3 versions...
PT-2023-19221 · Qumos · Qumos Mojoplug Slide Panel Plugin
Name of the Vulnerable Software and Affected Versions: Qumos MojoPlug Slide Panel plugin versions prior to 1.1.3 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For Qumos MojoPlug...
PT-2023-21759 · WordPress · Smtp2Go – Email Made Easy
Name of the Vulnerable Software and Affected Versions: SMTP2GO – Email Made Easy plugin versions = 1.4.2 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For SMTP2GO – Email Made Easy plugin...
CVE-2023-27443
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin = 2.9.1 versions...
CVE-2022-47586
Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin = 3.1.23 versions...
WordPress Plugin AI ChatBot cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-21181 · WordPress · Upload Resume Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Upload Resume WordPress plugin versions 1.2.0 and earlier Description: The issue allows unauthenticated visitors to upload arbitrary media files to the site due to a lack of validation of the captcha parameter when uploading a resume via the...
CVE-2023-26013
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin = 3.0.2 versions...
PT-2023-25164 · Jenkins · Jenkins Sonargraph Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the file path and the project name for the Log file field form validation are...
CVE-2023-31236
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin = 3.5.7 versions...
CVE-2021-4343
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stmlistingregister AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated...
PT-2023-12447 · WordPress · Unauthenticated Account Creation
Name of the Vulnerable Software and Affected Versions: Unauthenticated Account Creation plugin for WordPress versions up to, and including, 1.6.6 Description: The issue allows unauthenticated attackers to create accounts, including those with administrator privileges, due to the stm listing...
WordPress plugin VK Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-4676
The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...