1726 matches found
WordPress Plugin AI Contact Us Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-16859 · WordPress · Drag/Drop Multiple File Upload Pro - Contact Form 7 Standard +1
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin versions prior to 2.11.1; Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin versions prior to 5.0.6.4...
CVE-2023-30530
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2023-30528
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2023-30516
Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...
PT-2023-22755 · Jenkins · Jenkins Wso2 Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier. Description: The issue concerns the storage of the WSO2 Oauth client secret in an unencrypted form within the global config.xml file on the Jenkins controller. This file can be accessed by...
CVE-2023-1478
The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module...
CVE-2023-29171
Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions...
CVE-2023-24398
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions...
CVE-2023-23972
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions...
CVE-2023-23878 WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions...
CVE-2022-47596
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions...
CVE-2023-23707
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...
CVE-2022-47431
Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions...
WordPress Plugin Bitcoin Payments – Blockonomics Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability previously existed ...
CVE-2022-41785 WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions...
CVE-2023-24381
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions...
PT-2023-2189 · Jenkins · Jenkins Convert To Pipeline Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Convert To Pipeline Plugin versions 1.0 and earlier. Description: The issue is related to the incorrect handling of code generation in the Convert To Pipeline Plugin, specifically in the Freestyle Project Configuration Handler componen...
PT-2023-15209 · Unknown · Void Contact Form 7 Widget For Elementor Page Builder
Name of the Vulnerable Software and Affected Versions: Void Contact Form 7 Widget For Elementor Page Builder plugin versions = 2.1.1. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web...
GHSA-J664-QHH4-HPF8 Cross-site Scripting vulnerability in Jenkins
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS)...