WordPress woocommerce-pdf-invoices-packing-slips plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. woocommerce-pdf-invoices-packing-slips plugin is used in one of the invoices sent for e-commerce plugin. A cross-site...

WordPress social-buttons-pack plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. social-buttons-pack plugin is a social sharing plugin used in it. A cross-site scripting vulnerability exists in WordPress...

WordPress twitter-cards-meta plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. twitter-cards-meta plugin is a Twitter account information display plugin used in it. A cross-site scripting vulnerability exists in...

WordPress twitter-cards-meta plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. twitter-cards-meta plugin is a Twitter account information display plugin used in it. A cross-site request forgery vulnerability exist...

WordPress Ultimate Member plugin cross-site scripting vulnerability (CNVD-2019-27693)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Ultimate Member plugin is one of the plugins used to create member sites or online communities. A cross-site scripting vulnerability...

CVE-2017-18493

The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues...

Cross site scripting

The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search...

Cross site request forgery (csrf)

The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF...

CVE-2017-18507

The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS...

WordPress Lightbox Plus Colorbox Plugin Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Lightbox Plus Colorbox plugin is an image magnification viewing plugin used in it. A cross-site request forgery vulnerabilit...

Cross site scripting

The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS...

CVE-2017-18506

The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens...

WordPress ARPrice Lite plugin cross-site request forgery vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the core/views/arpriceimportexport.php file in version 2.2 of the WordPr...

WordPress Woody ad snippets plugin security feature issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Woody ad snippets is used in one of the pages to add ads to the plugin. The WordPress Woody ad snippets plugin has a security signature...

CVE-2019-14785

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cpcontactformpaypal.php&pwizard=1 cpcontactformppid parameter...

CVE-2019-14773

admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion...

WordPress BearDev JoomSport Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.BearDev JoomSport plugin is a plugin used in it to build sports sites. A SQL injection vulnerability exists in the WordPress...

WordPress Sygnoos Popup Builder Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Sygnoos Popup Builder is one of the popup plugins used in it. A SQL injection vulnerability exists in WordPress Sygnoos Popup Builder...

WordPress WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.10Web Photo Gallery plugin is an image management plugin used in it. A SQL injection vulnerability exists in WordPress 10Web...

PT-2019-11759 · Jenkins · Jenkins Configuration As Code Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Description: The issue concerns the Jenkins Configuration as Code Plugin, which did not reliably identify sensitive values expected to be exported in their encrypted form...