25 matches found
Malicious Package
Overview: hardhat-gas-profiler-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem: real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
MAL-2026-4244 Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem: real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
EUVD-2023-1527
Malicious code in bioql PyPI...
CVE-2025-5814
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate...
CVE-2025-5814
CVE-2025-5814 affects the WordPress plugin Profiler – What Slowing Down Your WP. The issue is an unauthorized data modification vulnerability caused by a missing capability check in the wpsd_plugin_control() function present in all versions up to and including 1.0.0. This enables unauthenticated ...
WordPress plugin Profiler security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2023-33004
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...
CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics...
Cross-Site Request Forgery (CSRF)
Tag Profiler Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists because the HTTP endpoint doesn't require POST requests, which allows an attacker to perform cross-site request forgery attacks...
Improper Access Control
Tag Profiler Plugin is vulnerable to Improper Access Control. The vulnerability exists due to a lack of permission checks on HTTP endpoints, which allows an attacker to gain read access and reset the profile statistics...
GHSA-49F2-J3PP-22JM Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
Jenkins Tag Profiler Plugin 0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to reset profiler statistics. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...
Jenkins Tag Profiler Plugin missing permission check
Jenkins Tag Profiler Plugin 0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to reset profiler statistics. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...
Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
Jenkins Tag Profiler Plugin 0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to reset profiler statistics. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...
CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics...
CVE-2023-33004
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...
Information disclosure
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...
CVE-2023-33004
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...
CVE-2023-33004
CVE-2023-33004 affects Jenkins Tag Profiler Plugin version 0.2 and earlier, where a missing permission check in an HTTP endpoint allows attackers with Overall/Read permission to reset profiler statistics. Root cause: inadequate access controls on the profiling HTTP endpoint. Impact: unautho...
CVE-2023-33003
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics...