730 matches found

vulnersOsv
added 2022/05/18 12:0 a.m. · 4 views

com.sonyericsson.hudson.plugins.multi-slave-config-plugin:multi-slave-config-plugin (>=1.1.1 <=1.2.0) potentially affected by CVE-2022-30951 via org.jenkins-ci.plugins:windows-slaves (=1.0)

org.jenkins-ci.plugins:windows-slaves MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:windows-slaves and may be impacted: - com.sonyericsson.hudson.plugins.multi-slave-config-plugin:multi-slave-config-plugin...

8.8 CVSS · 7.2 AI score · 0.00807 EPSS
Exploits 0
vulnersOsv
added 2022/05/18 12:0 a.m. · 5 views

com.sonyericsson.hudson.plugins.multi-slave-config-plugin:multi-slave-config-plugin (>=1.1.1 <=1.2.0) potentially affected by CVE-2022-30950 via org.jenkins-ci.plugins:windows-slaves (=1.0)

org.jenkins-ci.plugins:windows-slaves MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:windows-slaves and may be impacted: - com.sonyericsson.hudson.plugins.multi-slave-config-plugin:multi-slave-config-plugin...

8.8 CVSS · 7.2 AI score · 0.0168 EPSS
Exploits 0
vulnersOsv
added 2022/05/14 3:23 a.m. · 5 views

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000143 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000143...

6.7 CVSS · 6.4 AI score · 0.00368 EPSS
Exploits 0
ATTACKERKB
added 2022/04/28 12:1 p.m. · 4 views

CVE-2022-29410

Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute an SQLi attack via...

8.8 CVSS · 8.6 AI score · 0.00862 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/04/28 12:0 a.m. · 5 views

PT-2022-19584 · Mufeng · Mufeng's Hermit 音乐播放器

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: An Authenticated SQL Injection (SQLi) issue allows attackers with Subscriber or higher user roles to execute SQLi attacks. The attack is executed via the &ids parameter. Recommendations...

8.8 CVSS · 9 AI score · 0.00862 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/04/28 12:0 a.m. · 4 views

PT-2022-19585 · Mufeng · Mufeng's Hermit 音乐播放器 Plugin

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue allows attackers to execute a SQL Injection (SQLi) attack. This is done via the &id parameter. Recommendations: For Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6, consider...

9.8 CVSS · 9.8 AI score · 0.01045 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/04/26 12:0 a.m. · 4 views

PT-2022-18643 · Unknown · Alexander Ustimenko's Psychological Tests & Quizzes Plugin

Name of the Vulnerable Software and Affected Versions: Alexander Ustimenko's Psychological tests & quizzes plugin versions = 0.21.19 Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with a contributor or higher role. The vulnerability can be exploited vi...

5.4 CVSS · 5.2 AI score · 0.0055 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/04/19 9:15 p.m. · 4 views

CVE-2022-1384

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities...

8.8 CVSS · 7.6 AI score · 0.0063 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/04/12 12:0 a.m. · 3 views

PT-2022-19384 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Node and Label parameter Plugin versions 1.10.3 and earlier Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the Jenkins Node and Label parameter Plugin does not escape the name and...

5.4 CVSS · 5.5 AI score · 0.00619 EPSS
Exploits 0 · References 8
Positive Technologies
added 2022/03/29 12:0 a.m. · 3 views

PT-2022-18836 · Jenkins · Jenkins RocketChat Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.4.10 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue arises becau...

4.3 CVSS · 4.4 AI score · 0.00583 EPSS
Exploits 0 · References 8
CNNVD
added 2022/03/25 12:0 a.m. · 3 views

WordPress plugin Simple Event Planner cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is an open source application plugin for WordPress. WordPress Simple Event Planner plugin 1.5.4 and previous versions have a cross-site scripting vulnerability, which can be exploited by...

5.4 CVSS · 5.7 AI score · 0.00549 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/03/15 5:15 p.m. · 3 views

CVE-2022-27204

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers to connect to an attacker-specified URL...

8.8 CVSS · 5.8 AI score · 0.00555 EPSS
Exploits 0 · References 3
CNNVD
added 2022/02/28 12:0 a.m. · 5 views

WordPress cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Simple Membership plugin prior to 4.0.9. The vulnerability stems from the fact that the Simple Membership plugin do...

4.7 CVSS · 5.6 AI score · 0.00464 EPSS
Exploits 2 · References 3
Positive Technologies
added 2022/02/15 12:0 a.m. · 2 views

PT-2022-17128 · Jenkins · Jenkins Fortify Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 20.2.34 and earlier Description: The issue allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system. This is due to the lack of sanitization of the...

4.3 CVSS · 4.3 AI score · 0.012 EPSS
Exploits 0 · References 8
Positive Technologies
added 2022/02/15 12:0 a.m. · 2 views

PT-2022-17146 · Jenkins · Jenkins Chef Sinatra Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Chef Sinatra Plugin versions 1.20 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and parse an XML response. The plugin does...

8.8 CVSS · 8.6 AI score · 0.00706 EPSS
Exploits 0 · References 6
CNNVD
added 2022/01/12 12:0 a.m. · 4 views

Jenkins Publish Over SSH Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

3.3 CVSS · 5.1 AI score · 0.00307 EPSS
Exploits 0 · References 6
CNNVD
added 2021/12/13 12:0 a.m. · 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-sit...

6.1 CVSS · 6 AI score · 0.00968 EPSS
Exploits 2 · References 3
CNNVD
added 2021/11/08 12:0 a.m. · 3 views

WordPress cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....

4.8 CVSS · 5.2 AI score · 0.00598 EPSS
Exploits 2 · References 2
CNNVD
added 2021/09/20 12:0 a.m. · 3 views

WordPress Plugin Timetable and Event Schedule cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS · 5.6 AI score · 0.00489 EPSS
Exploits 2 · References 2
Japan Vulnerability Notes
added 2021/08/10 12:0 a.m. · 54 views

JVN#65388002: WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability (CWE-79) due to the flaw in handling some URL query parameters. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the plugin. Update the plugin accordin...

6.1 CVSS · 2.5 AI score · 0.03515 EPSS
Exploits 1