8282 matches found
Use 3rd-party plugins at your own risk
SonarQube has always had a rich plugin Marketplace, with much of SonarQube's functionality originally delivered as plugins and many additional needs being met by community-maintained plugins. But since October 2019, all SonarSource-provided functionality is bundled with SonarQube. That means any...
PT-2021-11070 · Qt Company +1 · Qt +1
Name of the Vulnerable Software and Affected Versions: Qt versions 5.12.7 and 5.14.1 Description: An issue has been fixed where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. Recommendations: For Qt version...
Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
Description: The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues. Edit (WPScanTeam): The original report mentioned the issue...
Welcart e-Commerce < 2.2.8 - Authenticated System Information Disclosure
The uscesdownloadsysteminformation AJAX action of the plugin did not have a capability check in place, allowing any authenticated user, such as a subscriber, to export data including WordPress settings, theme and plugins active/inactive along with their version, Welcart general settings and payment...
CMSuno 1.7 - (tgo) Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno version 1.7 and prior ...
CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Date: 03-08-2021 Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno versi...
CVE-2017-18113
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for...
Remote code execution
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for...
Remote code execution in workflow import - CVE-2017-18113
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability which allowed for various...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Plugins Builder that stems from the product...
Radare2 - UNIX-like Reverse Engineering Framework And Command-Line Toolset
r2 is a rewrite from scratch of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks. The radare project started as a simple command-line hexadecimal editor focused on forensics; over time more features were added to support a scriptable command-line low leve...
Fedora: Security Advisory for containernetworking-plugins (FEDORA-2021-0c53d8738d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: containernetworking-plugins-1.0.0-0.2.rc1.fc33
The CNI (Container Network Interface) project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resource...
Nulled WordPress Plugins – Dangers and Downsides
In our 2020 Threat Report, the Wordfence Threat Intelligence Team identified malware distributed via nulled, pirated, or counterfeit plugins and themes as one of the largest threats facing the WordPress ecosystem. Many site owners are unaware of the risks associated with using nulled plugins, and...
WooCommerce & WooCommerce Blocks Plugins for WordPress Unauthenticated SQL Injection
WordPress WooCommerce plugin versions 3.3 through 5.5.0 and WooCommerce Blocks feature plugins versions 2.5 through 5.5.0 are vulnerable to an unauthenticated SQL injection vulnerability. Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in...
Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2021-2219)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (openSUSE-SU-2021:1819-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1819-1 advisory. - A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the...
EulerOS 2.0 SP5 : gstreamer1-plugins-good (EulerOS-SA-2021-2219)
According to the version of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska...
Wpscvn - Wpscvn Is A Tool For Pentesters, Website Owner To Test If Their Websites Had Some Vulnerable Plugins Or Themes
wpscvn is a tool for pentesters and website owners to test whether their websites have vulnerable plugins or themes. The author does not hold any responsibility for the bad use of this tool; remember that attacking targets without prior consent is illegal and punished by law. requires : Python 3 usage ...
Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices
WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins availab...