CVE-2019-11557
The CVE-2019-11557 entry concerns the WordPress plugin WebDorado Contact Form Builder, versions prior to 1.0.69. The vulnerability is a CSRF flaw on wp-admin/admin-ajax.php where discrepancies between POST[action] and GET[action] (unsanitized GET value) enable local file inclusion via directory t...
CVE-2018-17583
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action...
CVE-2018-17584
The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php?page=WpFastestCacheOptions page...
CloudBees Jenkins SOASTA CloudTest plugin cross-site request forgery vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software build/release/test projects and some scheduled tasks. The SOASTA CloudTest Plugin is used in one of the mobile...
jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1292)
A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...
CVE-2019-10290
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
WordPress Ultimate Member 2.0.38 Cross Site Request Forgery
Exploit Title: WordPress Ultimate Member Plugin 2.0.38 CSRF. Discovery Date: 03/05/2019. Discovered By: Georg Knabl. Vendor Website: https://ultimatemember.com/ Software Link: https://wordpress.org/plugins/ultimate-member/ Software Download URL:...
PT-2019-11338 · Jenkins · Jenkins Rqm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins PRQA Plugin versions 3.1.0 and earlier Description: A security issue allows attackers with local file system access to the Jenkins home directory to obtain an unencrypted password from the plugin configuration. The plugin stored a...
WordPress WooCommerce PayPal Checkout Payment Gateway plugin input validation error vulnerability (CNVD-2019-31166)
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An input validation error vulnerability exists in the WordPress WooCommerce PayPal Checkout Payment Gateway...
CVE-2019-9978
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro...
CVE-2019-9911
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS...
CVE-2019-9913
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS...
Upcoming Events Cross-Site Scripting Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed in PHP and MySQL by the MyBB team. The software is easy to use, supports multiple languages, and is extensible. Upcoming Events is a schedule management plugin for it. A cross-site scripting vulnerability...
A vulnerability in the plugin for viewing RAW images in Microsoft Windows operating systems, related to improper code generation, allows a malicious actor to execute arbitrary code.
The vulnerability in the plugin for viewing RAW images in Microsoft Windows operating systems is related to improper code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted request...
WordPress Plugin Snax SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation; it supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Snax. The vulnerability is due to the program failing to...
PT-2019-11323 · Jenkins · Jenkins Mattermost Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.6.2 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the system connect to an attacker-specified server and room a...
PT-2019-18616 · Kde +3 · Kde Kauth +3
Name of the Vulnerable Software and Affected Versions: KDE KAuth versions prior to 5.55 Description: The issue allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. This can cause crashes and trigger the decoding of arbitrary images wi...
CloudBees Jenkins OpenId Connect Authentication Plugin Information Disclosure Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software build/release/test projects and some scheduled tasks. The OpenId Connect Authentication Plugin is used ...
Unspecified Vulnerability in WordPress Media File Manager
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Media File Manager is a media library folder/category management plugin for it. An unspecified vulnerability exis...