PT-2022-19585 · Mufeng · Mufeng'S Hermit 音乐播放器 Plugin

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue allows attackers to execute a SQL Injection SQLi attack. This is done via the &id parameter. Recommendations: For Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6, consider...

PT-2022-19584 · Mufeng · Mufeng'S Hermit 音乐播放器

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: An Authenticated SQL Injection SQLi issue allows attackers with Subscriber or higher user roles to execute SQLi attacks. The attack is executed via the &ids parameter. Recommendations...

PT-2022-18643 · Unknown · Alexander Ustimenko'S Psychological Tests & Quizzes Plugin

Name of the Vulnerable Software and Affected Versions: Alexander Ustimenko's Psychological tests & quizzes plugin versions = 0.21.19 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability. It affects users with a contributor or higher role. The vulnerability can be exploited vi...

CVE-2022-1384

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities...

PT-2022-19384 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Node and Label parameter Plugin versions 1.10.3 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Node and Label parameter Plugin does not escape the name and...

PT-2022-18836 · Jenkins · Jenkins Rocketchat Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.4.10 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue arises becau...

WordPress plugin Simple Event Planner 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Simple Event Planner plugin 1.5.4 and previous versions have a cross-site scripting vulnerability, which can be exploited by...

CVE-2022-27204

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers to connect to an attacker-specified URL...

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Simple Membership plugin prior to 4.0.9. The vulnerability stems from the fact that the Simple Membership plugin do...

PT-2022-17146 · Jenkins · Jenkins Chef Sinatra Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Chef Sinatra Plugin versions 1.20 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and parse an XML response. The plugin does...

PT-2022-17128 · Jenkins · Jenkins Fortify Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 20.2.34 and earlier Description: The issue allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system. This is due to the lack of sanitization of the...

Jenkins Publish Over SSH Plugin安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-sit...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....

WordPress Plugin Timetable and Event Schedule 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

JVN#65388002: WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability CWE-79 due to the flow in handling some URL query parameters. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin accordin...

WordPress SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers.WooCommerce Blocks plugin is a WordPress open source application plugin.WooCommerce Blocks feature plugin version...

PT-2021-14671 · Jenkins · Jenkins Build With Parameters Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Build With Parameters Plugin versions 1.5 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because parameter names and descriptions are not properly escaped. This can be exploited by...

Jenkins Configuration Slicing 跨站请求伪造漏洞

Jenkins Configuration Slicing is a Jenkins open source application plugin . Provides bulk configuration of selected project properties , including email , timers , discard old versions and Maven configuration. Jenkins Configuration Slicing Plugin 1.51 and earlier versions have a cross-site reques...

CloudBees Jenkins CSRF Vulnerability (CNVD-2020-51389)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...