ThemeREX Addons - Remote Code Execution
"This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts." Note WPScanTeam: There are major version inconsistencies in the trxaddons shipped with the affected themes. As a result, a...
WordPress plugin events-manager local file disclosure vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A local file disclosure vulnerability exists in the WordPress plugin...
PT-2020-15336 · Jenkins · Jenkins Bmc Release Package/Deployment Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BMC Release Package and Deployment Plugin versions 1.1 and earlier. Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to t...
Minimal Coming Soon & Maintenance Mode < 2.17 - Insecure permissions: Export Settings/Theme Change
There was a flaw that would allow any user logged in as a subscriber or above to export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site. Login with subscriber or above permissions and send the following request to export the plugin settings:...
WordPress Import Legacy Media Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Import Legacy Media is a media file import plugin used in it. A cross-site scripting vulnerability exists in WordPress Import Legacy...
CloudBees Jenkins Alauda DevOps Pipeline plugin authorization issue vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. An authorization issue...
CloudBees Jenkins RapidDeploy plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. A cross-site request forgery...
WordPress CleanTalk cleantalk-spam-protect cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. CleanTalk cleantalk-spam-protect is a spam-protection plugin used in it. A cross-site scripting vulnerability exists in WordPress...
WordPress Scoutnet Kalender Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. Scoutnet Kalender is one of the calendar plugins. A cross-site scripting vulnerability exists in version 1.1.0 of the WordPre...
CVE-2019-19133
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a cssheroaction=editpage request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...
Unspecified Vulnerability in CloudBees Jenkins Google Compute Engine Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Google Compute Engine Plugin is used in one o...
WordPress download-plugins-dashboard plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress download-plugins-dashboard plugin. The...
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting; Date: 2019-11-06; Exploit Author: vesche Austin Jackson; Vendor Homepage: https://plugins.jenkins.io/build-metrics; Version: Jenkins build-metrics plugin 1.3 a...
CloudBees Jenkins Dynatrace Application Monitoring Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Dynatrace Application Monitoring Plugin is us...
WordPress freshmail-newsletter plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. freshmail-newsletter is an email marketing and newsletter plugin used in it. A SQL injection vulnerability exists in WordPress...
WordPress Showbiz Pro Plugin Has Unspecified Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Showbiz Pro is a responsive trailer display plugin used in it. A security vulnerability exists in WordPress Showbiz Pro plugin version...
WordPress Easy!Appointments Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Easy!Appointments is a web-based appointment management plugin used in it. An information disclosure vulnerability exists in the...
PT-2019-11832 · Jenkins · Jenkins Crx Content Package Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier; Jenkins CRX Content Package Deployer Plugin versions prior to 1.9. Description: A missing permission check in the Jenkins CRX Content Package Deployer Plugin allowed...
CloudBees Jenkins CloudShare Docker-Machine Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. CloudShare Docker-Machine Plugin is used in one of the plugin for building and...
WordPress RobotCPA Plugin Path Traversal Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. RobotCPA is one of the robot accounting plugins used in it. A path traversal vulnerability exists in version 5 ...