1726 matches found
CVE-2022-40216
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress...
PT-2022-27292 · Unknown · Creative Mail
Name of the Vulnerable Software and Affected Versions: Creative Mail plugin versions prior to 1.5.5. Description: The issue concerns multiple Cross-Site Request Forgery (CSRF) vulnerabilities. Recommendations: For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue...
CVE-2022-40694
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress...
CVE-2022-45399
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
Jenkins Plugin JAPEX code issue vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...
CVE-2022-42494
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress...
WordPress plugin Spam protection SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogs on PHP and MySQL servers. ghost is a plugin for importing/exporting WordPress data, and WordPress plugin is an...
CVE-2022-43429
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...
CVE-2022-2574
The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2022-23930 · Unknown · Wha Crossword Plugin
Name of the Vulnerable Software and Affected Versions: WHA Crossword plugin version 1.1.10 and earlier. Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can inject malicious script...
Jenkins NS-ND Integration Performance Publisher Plugin cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-20734 · WordPress · Translate Multilingual Sites
Name of the Vulnerable Software and Affected Versions: Translate Multilingual sites WordPress plugin versions prior to 2.3.3. Description: The issue allows for an authenticated SQL injection. This can be achieved by adding a new language via the settings page, containing specific special character...
WordPress plugin Culture Object cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2022-23982 · Galerio & Urda · Better Delete Revision
Name of the Vulnerable Software and Affected Versions: Galerio & Urda's Better Delete Revision plugin version 1.6.1 and earlier. Description: The issue is related to an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious...
CVE-2022-36282
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress...
CVE-2022-34658
Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress...
CVE-2022-36389 WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress...
CVE-2021-36852
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress...
PT-2022-17629 · WordPress · Auto-Hyperlink Urls
Name of the Vulnerable Software and Affected Versions: Auto-hyperlink URLs WordPress plugin versions through 5.4.1. Description: The issue allows for Tab Nabbing, giving the target site access to the source tab through the window.opener DOM object, because the plugin does not set rel="noopener...