15887 matches found

vulnersOsv
added 2025/10/29 3:31 p.m. | 8 views

org.jenkins-ci.plugins:maven-artifact-choicelistprovider (>=1.0.3 <=371.ve708f79022db_) potentially affected by CVE-2025-64133 via jp.ikedam.jenkins.plugins:extensible-choice-parameter (>=1.3.3 <=250.va_1cf60782b_1a_)

jp.ikedam.jenkins.plugins:extensible-choice-parameter MAVEN version =1.3.3, =1.0.3, =371.ve708f79022db Source cves: CVE-2025-64133 Source advisory: SNYK:JAVA-JPIKEDAMJENKINSPLUGINS-13775577...

CVSS 5.4 | AI score 5.8 | EPSS 0.00236
Exploits: 0

OSV
added 2025/10/29 2:15 p.m. | 7 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | AI score 5.7 | EPSS 0.0019
Exploits: 0 | References: 2

NVD
added 2025/10/29 2:15 p.m. | 8 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | EPSS 0.0019
Exploits: 0 | References: 2

NVD
added 2025/10/29 2:15 p.m. | 8 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | EPSS 0.00227
Exploits: 0 | References: 2

NVD
added 2025/10/29 2:15 p.m. | 5 views

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

CVSS 5.9 | EPSS 0.00293
Exploits: 0 | References: 2

Cvelist
added 2025/10/29 1:29 p.m. | 6 views

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

EPSS 0.00293
Exploits: 0 | References: 1

CVE
added 2025/10/29 1:29 p.m. | 11 views

CVE-2025-64135

The CVE-2025-64135 entry concerns Jenkins Eggplant Runner Plugin (versions 0.0.1.301.v963cffe8ddb_8 and earlier). The vulnerability arises from the Java system property jdk.http.auth.tunneling.disabledSchemes being set to an empty value during proxy configuration, which disables a Java runt...

CVSS 5.9 | AI score 6.4 | EPSS 0.00293
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/10/29 8:38 a.m. | 28 views

CVE-2025-64291 WordPress Premmerce User Roles plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS. This issue affects Premmerce User Roles: from n/a through <= 1.0.13...

CVSS 5.9 | EPSS 0.00168
Exploits: 0 | References: 1

CVE
added 2025/10/29 8:38 a.m. | 27 views

CVE-2025-64291

CVE-2025-64291 concerns the WordPress plugin Premmerce User Roles (versions

CVSS 5.9 | AI score 5.6 | EPSS 0.00168
Exploits: 0 | References: 1

CVE
added 2025/10/29 8:38 a.m. | 19 views

CVE-2025-64289

CVE-2025-64289 affects the WordPress plugin Premmerce Product Search for WooCommerce (premmerce-search), with versions up to and including 2.2.4. The issue is Improper Neutralization of Input During Web Page Generation, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The CVSS indica...

CVSS 5.9 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 1

CVE
added 2025/10/29 8:38 a.m. | 17 views

CVE-2025-64226

CVE-2025-64226 is a CSRF vulnerability in the WordPress plugin Stockie Extra (stockie-extra), affecting versions up to and including 1.2.11. The issue enables Cross-Site Request Forgery where an attacker could abuse authenticated sessions to perform unwanted actions on behalf of a user. The CVSS ...

CVSS 4.3 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 1

Cvelist
added 2025/10/29 8:38 a.m. | 8 views

CVE-2025-58939 WordPress Super Store Finder plugin <= 7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery. This issue affects Super Store Finder: from n/a through <= 7.5...

CVSS 4.3 | EPSS 0.00128
Exploits: 0 | References: 1

Cvelist
added 2025/10/29 6:0 a.m. | 9 views

CVE-2025-9544 Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation

The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...

EPSS 0.00203
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/29 4:50 a.m. | 2 views

CVE-2025-49042 WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS. This issue affects WooCommerce: from n/a through <= 10.0.2...

CVSS 5.9 | AI score 5.2 | EPSS 0.00162
Exploits: 0 | References: 1

CNNVD
added 2025/10/29 12:0 a.m. | 3 views

WordPress plugin Premmerce User Roles security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.9 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 1

CNNVD
added 2025/10/29 12:0 a.m. | 5 views

Jenkins ByteGuard Build Actions Plugin security vulnerability

Jenkins ByteGuard Build Actions Plugin is an open source pipeline validation plugin for Jenkins. A security vulnerability exists in version 1.0 of the Jenkins ByteGuard Build Actions Plugin, which stems from an unmasked API token on a job configuration form, which could lead to an attacker...

CVSS 4.3 | AI score 6.4 | EPSS 0.00158
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/29 12:0 a.m. | 4 views

PT-2025-44298

Name of the Vulnerable Software and Affected Versions: Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier. Description: A cross-site request forgery (CSRF) flaw exists in the Jenkins Publish to Bitbucket Plugin. This issue allows attackers to connect to a URL specified by the attacker,...

CVSS 5.4 | AI score 6.4 | EPSS 0.00188
Exploits: 0 | References: 6

CNNVD
added 2025/10/29 12:0 a.m. | 4 views

WordPress plugin Stockie Extra security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 1

Patchstack
added 2025/10/28 6:16 a.m. | 6 views

WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated (Author+) Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Auto Featured Image (Auto Post Thumbnail) versions <= 4.1.7...

AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/10/27 2:15 a.m. | 11 views

CVE-2025-62937

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS. This issue affects Post List Featured Image: from n/a through <= 0.5.9...

CVSS 6.5 | EPSS 0.00186
Exploits: 0 | References: 1