WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports hosting personal blog sites on PHP and MySQL servers. WooCommerce Blocks is an open source WordPress plugin. WooCommerce Blocks feature plugin version...
PT-2021-14671 · Jenkins · Jenkins Build With Parameters Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build With Parameters Plugin versions 1.5 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability because parameter names and descriptions are not properly escaped. This can be exploited by...
Jenkins Configuration Slicing Cross-Site Request Forgery Vulnerability
Jenkins Configuration Slicing is an open source Jenkins plugin. It provides bulk configuration of selected project properties, including email, timers, discarding old versions, and Maven configuration. Jenkins Configuration Slicing Plugin 1.51 and earlier versions have a cross-site reques...
CloudBees Jenkins CSRF Vulnerability (CNVD-2020-51389)
CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...
PT-2020-15474 · Readyapi +1 · Readyapi Functional Testing Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins SoapUI Pro Functional Testing Plugin versions 1.3 and earlier ReadyAPI Functional Testing Plugin versions 1.3 and earlier Description: The issue concerns the storage of project passwords in an unencrypted manner within job config.xml...
PT-2020-15470 · Jenkins · Jenkins Klocwork Analysis Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Klocwork Analysis Plugin versions 2020.2.1 and earlier Description: The issue concerns an XML external entity (XXE) attack. This occurs because the XML parser is not configured to prevent such attacks, allowing a user who can control th...
CloudBees Jenkins Email Extension Plugin Information Disclosure Vulnerability (CNVD-2020-46292)
CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Email Extension Plugin is used in one of the...
jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps...
PT-2020-15415 · Jenkins · Jenkins Sonargraph Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the file path for the Log file field form validation. This can be...
PT-2020-15399 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: The issue concerns a lack of SSH host key validation when connecting agents, which could enable man-in-the-middle attacks to intercept connections to build agents. This could...
Command injection
TechSupport files generated on Palo Alto Networks VM Series firewalls for the Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in...
Exploit for Incorrect Authorization in Jenkins Git
CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin v3.7 Description: An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Versions...
PT-2020-15350 · Jenkins · Jenkins Cobertura Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cobertura Plugin versions 1.15 and earlier Description: The issue allows attackers who can control the coverage report file contents to overwrite any file on the Jenkins master file system. This is due to an arbitrary file write...
CloudBees Jenkins RadarGun plugin code issue vulnerability
CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A code issue vulnerability...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins in Jenkins. The exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox...
PT-2019-14722 · Jenkins · Jenkins Team Concert Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Team Concert Plugin versions 1.3.0 and earlier Description: A missing permission check in form-related methods allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Recommendations: For...
Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit...
WordPress safe-svg denial of service vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. safe-svg is an SVG (Scalable Vector Graphics) upload plugin used in it. A denial of service vulnerability exists in WordPress safe-svg...
WordPress display-widgets plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. display-widgets is a widget display plugin used in it. A cross-site scripting vulnerability exists in WordPress display-widgets...
WordPress dynamic-widgets plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. dynamic-widgets is a dynamic widget management plugin used in it. A cross-site request forgery vulnerability exists in WordPress...