8304 matches found
CVE-2023-0503
The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0498
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2020-36666
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...
Cross site request forgery (csrf)
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
Cross site request forgery (csrf)
The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
Cross site request forgery (csrf)
The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
Cross site request forgery (csrf)
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
Cross site request forgery (csrf)
The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2020-36666 Multiple e-plugins - Subscriber+ Privilege Escalation
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...
PT-2023-16747 · WordPress · Oauth Single Sign On Free +3
Name of the Vulnerable Software and Affected Versions: OAuth Single Sign On Free WordPress plugin versions prior to 6.24.2 OAuth Single Sign On Standard WordPress plugin versions prior to 28.4.9 OAuth Single Sign On Premium WordPress plugin versions prior to 38.4.9 OAuth Single Sign On Enterprise...
Critical Photon OS Security Update - PHSA-2023-4.0-0365
Updates of 'fribidi', 'gst-plugins-bad', 'c-ares' packages of Photon OS have been released...
PT-2023-16316 · WordPress · Ht Politic Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HT Politic WordPress plugin versions prior to 2.3.8 Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF...
Information Disclosure
jenkins-2-plugins is vulnerable to Information Disclosure. The webhook endpoint provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access, resulting in disclosure of sensitive information...
Security Bulletin: Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow embeds a version of IBM Content Navigator that is vulnerable to denial of service attacks and missing authorization. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer...
Jenkins Plugins OctoPerf Load Testing 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugins Performance Publisher 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugins Mashup Portlet 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugins Convert To Pipeline 命令注入漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Amazon Linux 2 : gstreamer1-plugins-base (ALAS-2023-2000)
The version of gstreamer1-plugins-base installed on the remote host is prior to 1.10.4-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2000 advisory. A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possibl...
Medium: gstreamer1-plugins-base
Issue Overview: A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability. CVE-2021-3522 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to...