PT-2020-12810 · Algolplus · Algolplus Advanced Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: AlgolPlus Advanced Order Export For WooCommerce plugin version 3.1.3 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the woe post type parameter in the "view/settings-form.php"...
CVE-2020-8435
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rmanalyticsshowform rmformid parameter...
PT-2020-15341 · Jenkins · Jenkins Parasoft Environment Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Parasoft Environment Manager Plugin versions 2.14 and earlier Description: The issue allows unauthorized access to unencrypted passwords stored in job config.xml files on the Jenkins master. Users with Extended Read permission or acce...
VulnCheck KEV: CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
Exploit for Improper Certificate Validation in Microsoft
It is an offensive tool for network detection, specifically a Ze...
CVE-2019-20204
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/ at the beginning and a crafted SVG element...
CloudBees Jenkins Alauda Kubernetes Suport plugin cross-site request forgery vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site request forgery...
jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts...
PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1 Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...
PT-2019-14701 · Jenkins · Jenkins Google Compute Engine Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.1.1 and earlier Description: The issue allows man-in-the-middle attacks due to the lack of SSH host key verification when connecting agents created by the plugin. This enables potential attacker...
PT-2019-11853 · Jenkins · Jenkins Mattermost Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.7.0 and earlier Description: The issue allows stored webhook URLs containing a secret token to be viewed unencrypted in the global configuration file and job config.xml files on the Jenkins...
WordPress syndication-links plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. syndication-links is a plugin used in it for adding page links. WordPress syndication-links plugin version 1.0.3 before the...
WordPress accurate-form-data-real-time-form-validation plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. accurate-form-data-real-time-form-validation is a real-time form data validation plugin used in it. A cross-site request...
CVE-2019-10428
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
WordPress kama-clic-counter plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. kama-clic-counter is a plugin that uses the page download feature in it. A SQL injection vulnerability exists in version 3.4.9 of the...
WordPress wp-whois-domain plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in version 1.0.0 of the WordPress wp-whois-domain plugin. The...
WordPress zm-gallery plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 1.0 of the WordPress zm-gallery plugin. The vulnerability stem...
PT-2019-11791 · Jenkins · Jenkins Aqua Security Serverless Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Serverless Scanner Plugin versions 1.0.4 and earlier Description: The issue involves the transmission of configured passwords in plain text as part of job configuration forms, potentially leading to their exposure...
PT-2019-11789 · Cloudbees +1 · Jenkins Build Environment Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.146 Jenkins Build Environment Plugin versions 1.6 and earlier Description: The issue is related to a cross-site scripting vulnerability. It occurs because the Jenkins Build Environment Plugin did not properly escap...
WordPress wps-hide-login plugin security bypass vulnerability (CNVD-2019-30733)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wps-hide-login is a hide-login plugin used in it. A security vulnerability exists in WordPress wps-hide-login plugin versio...