1726 matches found

CNNVD
added 2022/02/28 12:0 a.m. · 3 views

WordPress plugin path traversal vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in WordPress Drag & Drop Contact Form Plugin 1.0.5 and earlier...

CVSS 4.9 · AI score 5.9 · EPSS 0.01299
Exploits: 1 · References: 2
CNNVD
added 2022/02/28 12:0 a.m. · 2 views

WordPress information disclosure vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Emails and Alerts plugin prior to 1.8.7. The vulnerability stems from the failure of the custom WordPress Emails and Alerts...

CVSS 4.3 · AI score 5.5 · EPSS 0.00423
Exploits: 2 · References: 2
CNNVD
added 2022/02/28 12:0 a.m. · 3 views

WordPress cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions of the WordPress Post Snippets plugin prior to 3.1.4, which stems fro...

CVSS 9.6 · AI score 5.9 · EPSS 0.00602
Exploits: 2 · References: 2
CNNVD
added 2022/02/22 12:0 a.m. · 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Header Footer Code Manager plugin 1.1.16 and previous versions have a cross-site scripting vulnerability that can...

CVSS 6.1 · AI score 5.7 · EPSS 0.02333
Exploits: 2 · References: 5
Positive Technologies
added 2022/02/15 12:0 a.m. · 4 views

PT-2022-17134 · Jenkins · Jenkins Autonomiq Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins autonomiq Plugin versions 1.15 and earlier. Description: A cross-site request forgery (CSRF) vulnerability exists due to the lack of permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to ...

CVSS 8.8 · AI score 8.5 · EPSS 0.00519
Exploits: 0 · References: 5
ATTACKERKB
added 2022/01/12 8:15 p.m. · 4 views

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...

CVSS 8.1 · AI score 5.8 · EPSS 0.01939
Exploits: 0 · References: 3
CNNVD
added 2021/12/27 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Gwolle Guestbook plugin has a cross-site scripting vulnerability in versions prior to 4.2.0, which stems from...

CVSS 6.1 · AI score 5.6 · EPSS 0.008
Exploits: 2 · References: 1
CNNVD
added 2021/12/15 12:0 a.m. · 2 views

WordPress access control error vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Image Hover Effects Ultimate plugin 9.6.1 and earlier versions have a security vulnerability that can ...

CVSS 9.8 · AI score 5.6 · EPSS 0.0674
Exploits: 1 · References: 2
Positive Technologies
added 2021/11/12 12:0 a.m. · 2 views

PT-2021-23883 · Jenkins · Jenkins Squash Tm Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher (Squash4Jenkins) Plugin versions 1.0.0 and earlier. Description: The issue allows attackers who can control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled...

CVSS 8.1 · AI score 8 · EPSS 0.01068
Exploits: 0 · References: 8
CNNVD
added 2021/11/01 12:0 a.m. · 5 views

WordPress cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cool Tag Cloud plugin in versions prior to 2.26 suffers from a cross-site scripting vulnerability...

CVSS 5.4 · AI score 5.6 · EPSS 0.00629
Exploits: 2 · References: 1
OSV
added 2021/10/11 11:15 a.m. · 2 views

CVE-2021-24577

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS...

CVSS 5.4 · AI score 5.8 · EPSS 0.006
Exploits: 2 · References: 1
OSV
added 2021/09/27 4:15 p.m. · 2 views

CVE-2021-36874

Authenticated Insecure Direct Object References IDOR vulnerability in WordPress uListing plugin versions = 2.0.5...

CVSS 8.8 · AI score 7.3 · EPSS 0.01064
Exploits: 1 · References: 2
CNNVD
added 2021/09/10 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. The WordPress plugin WP Design Maps & Places...

CVSS 6.1 · AI score 6.2 · EPSS 0.00866
Exploits: 1 · References: 4
OSV
added 2021/09/09 12:15 p.m. · 4 views

CVE-2021-36871

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title...

CVSS 5.4 · AI score 5.8 · EPSS 0.00539
Exploits: 0 · References: 2
OSV
added 2021/08/16 7:15 p.m. · 3 views

CVE-2021-34663

The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...

CVSS 6.1 · AI score 6.4 · EPSS 0.00899
Exploits: 1 · References: 2
Vulnrichment
added 2021/08/16 6:47 p.m. · 6 views

CVE-2021-34641 SEOPress <= 5.0.0 – 5.0.3 Authenticated Stored Cross-Site Scripting

The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3...

CVSS 6.4 · AI score 6.2 · EPSS 0.00651
Exploits: 2 · References: 2
CNNVD
added 2021/08/16 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up a personal blog site on a server with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. version before Light Messages WordPress plugin 1...

CVSS 6.1 · AI score 5.4 · EPSS 0.00412
Exploits: 2 · References: 2
CNNVD
added 2021/08/16 12:0 a.m. · 1 view

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

CVSS 6.1 · AI score 5.9 · EPSS 0.00412
Exploits: 2 · References: 1
CNNVD
added 2021/08/09 12:0 a.m. · 1 view

WordPress SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress plugin The Stock in & out 1.0.4 and earlier...

CVSS 8.8 · AI score 8.1 · EPSS 0.01568
Exploits: 2 · References: 3
CNNVD
added 2021/07/30 12:0 a.m. · 3 views

WordPress plugin code injection vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A code injection vulnerability exists in the...

CVSS 6.1 · AI score 6.4 · EPSS 0.01572
Exploits: 2 · References: 2