PT-2022-16264 · WordPress · Easy Student Results

Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue concerns a lack of authorization in the REST API of the Easy Student Results WordPress plugin. This allows unauthenticated users to retrieve sensitive...

WordPress plugin Trending/Popular Post Slider and Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

Jenkins Google Cloud Backup Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2022-4020 · Jenkins · Jenkins Compuware Source Code Download For Endevor +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware...

PT-2022-5099 · Jenkins · Jenkins Openshift Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: A missing permission check in the Jenkins OpenShift Deployer Plugin allows attackers with Overall/Read permission to check for the existence of an attacker-specified fi...

WordPress plugin Shareaholic 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plug-in. An information disclosure...

WordPress plugin Button Widget Smartsoft 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress plugin Accept Stripe Payments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2022-34813

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

CVE-2022-34817

A cross-site request forgery CSRF vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs...

CVE-2017-20124

A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has...

PT-2022-22357 · Jenkins · Jenkins Skype Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Skype notifier Plugin versions 1.1.0 and earlier Description: The issue concerns the storage of a password in an unencrypted form within the global configuration file on the Jenkins controller. This password is stored in the file...

PT-2022-22344 · Jenkins · Jenkins Recipe Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Recipe Plugin version 1.2 and earlier Description: A cross-site request forgery issue allows attackers to send an HTTP request to a specified URL and parse the response as XML. Recommendations: For Jenkins Recipe Plugin version 1.2 an...

Jenkins Plugin Cisco Spark 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

CVE-2017-20099

A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely...

WordPress plugin NextCellent Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress NextCellent Gallery plugin 1.9.35 and its previous versions are vulnerable to a cross-site scriptin...

CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

WordPress plugin underConstruction 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

CVE-2022-1790

The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...