1726 matches found
WordPress photoblocks-grid-gallery plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. photoblocks-grid-gallery is an image gallery plugin used in it. A cross-site scripting vulnerability exists in WordPress...
CVE-2016-10935
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation...
PT-2019-7026 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.5.2 Description: The issue concerns a cross-site scripting (XSS) flaw in the booking form of the events-manager plugin. This type of flaw allows attackers to inject malicious scripts into the website,...
CVE-2016-10915
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
CVE-2017-18511
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF...
PT-2019-11777 · Jenkins · Jenkins Codefresh Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Codefresh Integration Plugin versions 1.8 and earlier Description: The issue concerns the Jenkins Codefresh Integration Plugin, which unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. This...
PT-2019-11754 · Jenkins · Jenkins Maven Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Integration Plugin versions 3.3 and earlier Description: The issue potentially reveals sensitive build variables in the build log because build log decorators are not applied to module builds. Recommendations: For Jenkins Maven...
WordPress Yoast SEO Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Yoast SEO Plugin versions prior to 11.6-RC5, which ca...
WordPress Tribulant Slideshow Gallery plugin cross-site scripting vulnerability (CNVD-2019-30133)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Tribulant Slideshow Gallery plugin is an image autoplay plugin used in it. A cross-site scripting vulnerability exists in...
PT-2019-9289 · WordPress · Wp All Import
Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns multiple XSS vulnerabilities. These can be accessed via the "action=template" endpoint. It's worth noting that the vendor disputes this being a vulnerability, citing that WP A...
WP Google Maps Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the wp-admin/admin.php file in versions of the WordPress...
PT-2019-11318 · Jenkins · Jenkins Kanboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kanboard Plugin versions 1.5.10 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL, potentially leading to...
WordPress rss-feed-post-generator-echo 1.0.0 Database Disclosure
Exploit Title : WordPress rss-feed-post-generator-echo Plugins 1.0.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 03/12/2018 Vendor Homepage : wordpress.org/plugins/echo-rss-feed-post-generator-free-version/ +...
WordPress Plugin Question Answer Has Multiple Cross-Site Scripting Vulnerabilities
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in WordPress plugin Question Answer v1.2.30, which can be exploited by...
WordPress Arigato Autoresponder and Newsletter Cross-Site Scripting Vulnerability (CNVD-2019-29703)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Arigato Autoresponder and Newsletter is an autoresponder plugin that is used in... A cross-site scripting vulnerability exists in the...
CloudBees Jenkins TraceTronic ECU-TEST Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a suite of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor ongoing software releases/testing projects and some timed tasks. TraceTronic ECU-TEST Plugin is an automated test software for embedded systems that uses... TraceTronic ECU-TEST...
CloudBees Jenkins meliora-testlab Plugin Information Disclosure Vulnerability
CloudBees Jenkins is a suite of Java-based continuous integration tools from the U.S. company CloudBees. It is mainly used to monitor ongoing software release/testing projects and some timed tasks. meliora-testlab Plugin is used in one of the results of unit tests publishe...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2018-11102)
CloudBees Jenkins is a suite of Java-based continuous integration tools from the U.S. company CloudBees. It is mainly used to monitor ongoing software release/testing projects and some timed tasks. Groovy Postbuild Plugin is to use one of the...
Atlassian Jira Artezio Kanban Board Plugin Cross-Site Scripting Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. Artezio Kanban Board plugin is one of the tools used to plan, manage, monitor and review the work of the team. A cross-site...