726 matches found
WordPress WP-Members Membership Plugin plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files vulnerability
Unprotected Storage of Potentially Sensitive Files vulnerability discovered by Tim Coen in WordPress Plugin WP-Members versions <= 3.4.9.3...
WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Custom field finder versions <= 0.3...
WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WordPress Assistant versions <= 1.4.9.1...
PT-2024-24743 · WordPress · Advanced Search
Name of the Vulnerable Software and Affected Versions: Advanced Search WordPress plugin versions 1.1.6 and earlier Description: The issue allows users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuration due to improper escaping of...
WordPress Simply Static plugin <= 3.1.3 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Simply Static versions <= 3.1.3...
WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin BA Book Everything versions <= 1.6.8...
WordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Aspose.Words Exporter versions <= 6.3.1...
WordPress XPlainer – WooCommerce Product FAQ plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions <= 1.5.0...
WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Digital Publications by Supsystic versions <= 1.7.7...
WordPress BEAR plugin <= 1.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das in WordPress Plugin BEAR versions <= 1.1.4.1...
WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Benchmark Email Lite versions <= 4.1...
WordPress Generate Child Theme plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Generate Child Theme versions <= 2.0...
WordPress Plugin LayerSlider SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress Plugin Metform Elementor Contact Form Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-22300 · Jenkins · Jenkins Mq Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MQ Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the logging of potentially sensitive build parameters as part of debug information in build logs by default. Recommendations: For Jenkins MQ Notifier Plugin...
PT-2024-14949 · WordPress · Wordpress Toolbar
Name of the Vulnerable Software and Affected Versions: WordPress Toolbar WordPress plugin versions 2.2.6 and earlier Description: The issue allows unauthenticated attackers to redirect users to potentially malicious sites by tricking them into performing an action. This is achieved via the wptbto...
WordPress plugin ChatBot with AI code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
Qualys Jenkins Plugin Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A code issue vulnerability...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49397 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49397 Source advisory: OSV:GHSA-5F56-H6FG-RCRH...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49379 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49379 Source advisory: OSV:GHSA-R2WJ-MXVH-WQFH...