WordPress universal-analytics plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress universal-analytics plugin. An attacker can explo...

WordPress custom-sidebars plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. custom-sidebars is a custom feature list plugin used in it. A cross-site request forgery vulnerability exists in the WordPress...

CloudBees Jenkins Gearman Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Gearman Plugin is used in one of the highly...

WordPress weblibrarian plugin cross-site scripting vulnerability (CNVD-2019-28884)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. weblibrarian is a library catalog management system used in it. A cross-site scripting vulnerability exists in the WordPress...

WordPress users-customers-import-export-for-wp-woocommerce plugin CSV injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. users-customers-import-export-for-wp-woocommerce is a user import/export plugin used in it. A CSV injection vulnerability exists in th...

CVE-2019-15328

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS...

Cross site scripting

The corner-ad plugin before 1.0.8 for WordPress has XSS...

Directory traversal

The posts-in-page plugin before 1.3.0 for WordPress has icaddposts template='../ directory traversal...

CVE-2013-7483

The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion...

CVE-2016-10930

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

CVE-2014-10391

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

CVE-2014-10390

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal...

Path traversal

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...

Directory traversal

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal...

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

CVE-2019-15326

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal...

CVE-2014-10390

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal...

CVE-2017-18584

The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action...

CVE-2016-10926

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php...

CVE-2016-10917

The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316...