670 matches found

Positive Technologies
added 2025/05/15 12:0 a.m. · 2 views

PT-2025-21256 · WordPress · Wp Content Security Plugin

Name of the Vulnerable Software and Affected Versions: WP Content Security Plugin versions up to, and including, 2.3. Description: The WP Content Security Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters due to insufficient...

7.2 CVSS · 7 AI score · 0.00301 EPSS
Exploits 0 · References 10
The Hacker News
added 2025/05/01 3:47 p.m. · 55 views

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execut...

7.7 AI score
Exploits 0
OSSF Malicious Packages
added 2025/04/17 4:17 a.m. · 6 views

Malicious code in talsec-react-native-security-plugin (npm)

Source: ghsa-malware (68ab8661116d9ec30b2582ba0a9547684e8ad10024bae79f2b4094e5ea0937d3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15894 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3; Shopware versions prior to 6.5.8.17. Description: The Shopware application API contains a search functionality that enables users to search through information stored within their Shopware instance. The...

7.3 CVSS · 6.8 AI score · 0.11406 EPSS
Exploits 1 · References 24
Positive Technologies
added 2025/04/08 12:0 a.m. · 3 views

PT-2025-15423 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3; Shopware versions prior to 6.5.8.17. Description: The issue allows an attacker to cause a Denial of Service by passing long passwords via forms in Storefront forms or Store-API. Recommendations: For versions...

7.5 CVSS · 6.4 AI score · 0.00335 EPSS
Exploits 0 · References 11
RedHat Linux
added 2025/03/04 2:40 p.m. · 3 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3 CVSS · 5.8 AI score · 0.0036 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/02/05 9:39 p.m. · 7 views

CVE-2022-24879

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7....

7.5 CVSS · 6.8 AI score · 0.00553 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 7:29 p.m. · 7 views

CVE-2022-0993

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and...

9.8 CVSS · 7.2 AI score · 0.07467 EPSS
Exploits 2 · References 1
RedhatCVE
added 2025/02/05 1:41 p.m. · 27 views

CVE-2020-13574

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

7.5 CVSS · 6.4 AI score · 0.03023 EPSS
Exploits 1
RedhatCVE
added 2025/02/04 11:39 p.m. · 16 views

CVE-2024-22408

Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fix...

8.1 CVSS · 6.9 AI score · 0.00366 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/30 12:0 a.m. · 3 views

WordPress plugin W2S security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.5 CVSS · 8.8 AI score · 0.00326 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/01/22 2:29 p.m. · 5 views

CVE-2025-23611 WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound WH Cache & Security allows Reflected XSS. This issue affects WH Cache & Security: from n/a through 1.1.2...

7.1 CVSS · 6.9 AI score · 0.00378 EPSS
Exploits 0 · References 1
Patchstack
added 2025/01/16 6:41 p.m. · 6 views

WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WH Cache & Security versions <= 1.1.2...

7.1 CVSS · 6.1 AI score · 0.00378 EPSS
Exploits 0 · Affected Software 1
Vulnrichment
added 2025/01/07 10:49 a.m. · 5 views

CVE-2024-49222 WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection. This issue affects WPGuppy: from n/a through 1.1.0...

9.8 CVSS · 6.9 AI score · 0.0049 EPSS
Exploits 0 · References 1
Patchstack
added 2024/11/25 12:0 a.m. · 9 views

WordPress Security & Malware scan by CleanTalk Plugin <= 2.145 is vulnerable to SQL Injection

Software: Security & Malware scan by CleanTalk; Type: Plugin; Vulnerable versions: <= 2.145; Fixed in: 2.145.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-10570; Patch priority: High; CVSS severity: High (9.3); PSID: ceade72368ed; Credits: mikemyers; Required...

7.5 CVSS · 6.8 AI score · 0.00533 EPSS
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2024/11/13 9:30 p.m. · 13 views

Missing permission check in Jenkins Script Security Plugin

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...

4.3 CVSS · 6.8 AI score · 0.0036 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/11/13 9:30 p.m. · 9 views

GHSA-JV82-75FH-23R7 Missing permission check in Jenkins Script Security Plugin

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...

4.3 CVSS · 4.6 AI score · 0.0036 EPSS
Exploits 0 · References 3
CVE
added 2024/11/13 8:53 p.m. · 305 views

CVE-2024-52549

CVE-2024-52549 affects Jenkins Script Security Plugin (1367.vdf2fc45f229c and earlier, with exceptions 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776). The issue is a missing permission check in a form-validation method, allowing attackers with Overall/Read permission to determine wheth...

4.3 CVSS · 6.9 AI score · 0.0036 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/11/13 8:53 p.m. · 17 views

CVE-2024-52549

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...

0.0036 EPSS
Exploits 0 · References 1
CNNVD
added 2024/11/01 12:0 a.m. · 2 views

WordPress plugin Titan Anti-spam & Security security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.5 CVSS · 6.5 AI score · 0.00483 EPSS
Exploits 0 · References 1