726 matches found
CVE-2023-25479
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...
PT-2023-20109 · WordPress · Eric Teubert Archivist – Custom Archive Templates
Name of the Vulnerable Software and Affected Versions: Eric Teubert Archivist – Custom Archive Templates plugin versions 1.7.4 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...
CVE-2023-22686 WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions...
CVE-2022-45839
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WHA WHA Puzzle plugin = 1.0.9 versions...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
Jenkins Plugin Fogbugz security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-28993 WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions...
CVE-2023-23996
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in ProfilePress Membership Team ProfilePress plugin = 4.5.3 versions...
CVE-2023-23981
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...
CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user
The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...
PT-2023-19276 · Flippercode · Wp Maps Plugin
Name of the Vulnerable Software and Affected Versions: flippercode WordPress Plugin for Google Maps – WP MAPS plugin versions = 4.3.9 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability affects users with editor or higher permissions. There is ...
PT-2023-19889 · WordPress · Shortcodes Ultimate
Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin versions = 5.12.6 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability affects users with contributor or higher permissions. There is no information provided about...
CVE-2022-47433
Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
PT-2023-15416 · Unknown · Dmytriy.Cooperman Magicform
Name of the Vulnerable Software and Affected Versions: Dmytriy.Cooperman MagicForm plugin versions = 0.1 Description: The issue is a Reflected Cross-Site Scripting XSS vulnerability. This means an attacker can inject malicious scripts into a website, which will then be executed by the user's...
CVE-2022-46867
Cross-Site Request Forgery CSRF vulnerability in Chasil Universal Star Rating plugin = 2.1.0 version...
CVE-2023-22700
Cross-Site Request Forgery CSRF vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL TAG Manager plugin = 9.3.0 versions...
WordPress plugin Juicer cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-15380 · WordPress · Wp Responsive Testimonials Slider/Widget
Name of the Vulnerable Software and Affected Versions: WP Responsive Testimonials Slider And Widget WordPress plugin versions 1.5 and earlier Description: The issue concerns the WP Responsive Testimonials Slider And Widget WordPress plugin, which does not properly validate and escape some of its...
WordPress plugin Donation Button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-27947 · Jenkins · Jenkins Google Login Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google Login Plugin versions 1.4 through 1.6 Description: The issue arises from the improper determination of a redirect URL after login, which is supposed to point to Jenkins. This could potentially lead to unauthorized access. The...