1726 matches found
CVE-2022-1299
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-29441
Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin = 2.1.10 at WordPress allows attackers to send messages...
CVE-2022-29445
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin = 2.1.2 at WordPress...
GHSA-6G57-H38C-Q52G Cross-Site Request Forgery in Jenkins Mailer Plugin
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...
CVE-2022-29413
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress via &title parameter...
CVE-2022-1384
CVE-2022-1384 concerns Mattermost 6.4.x and earlier, where the system fails to properly validate the version of a plugin when installed from the Marketplace. The root cause is a deficient plugin-version check, which enables an authenticated and authorized user to install and potentially exploit a...
PT-2022-13845 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier Description: The issue is related to insecure plugin handling in Mattermost, where the software fails to properly check the plugin version when a plugin is installed from the Marketplace. This allows an...
WordPress plugin Contest Gallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
CVE-2022-27845
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics WordPress plugin = 1.2.2...
PT-2022-18832 · Jenkins · Jenkins Bitbucket Server Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Server Integration Plugin versions 3.1.0 and earlier Description: The issue allows attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers due to a lack of permission checks in several...
WordPress plugin WordPress File Upload Free and Pro path traversal vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source WordPress application plugin. A path traversal vulnerability exists in the WordPress Fil...
WordPress plugin Translate WordPress with GTranslate cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Translate WordPress with GTranslate plugin version 2.9.9 is vulnerable to cross-site request forgery. The vulnerability...
CVE-2022-25611 WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &customaddseg...
WordPress Easy Social Icons plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Easy Social Icons plugin prior to 3.2.1, which stems from the...
CVE-2022-27214
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
PT-2022-18288 · Jenkins · Jenkins Semantic Versioning Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Semantic Versioning Plugin versions 1.13 and earlier; Jenkins versions 2.318 and earlier; Jenkins LTS versions 2.303.2 and earlier. Description: The issue allows attackers to control agent processes and have Jenkins parse a crafted file,...
PT-2022-18294 · Jenkins · Jenkins Global-Build-Stats Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins global-build-stats Plugin versions 1.5 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because multiple fields in the chart configuration on the 'Global Build Stats' page are...
WordPress Custom Content Shortcode plugin access control error vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. WordPress Custom Content Shortcode plugin versions prio...
WordPress plugin log information disclosure vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress CorreosExpress plugin 2.6.0 and previous...