
670 matches found

Cvelist · added 2023/12/29 9:46 a.m. · 17 views

CVE-2023-28786 WordPress Solid Security Plugin <= 8.1.4 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4...

CVSS 3.7 · AI score 6.5 · EPSS 0.00353
Exploits: 0 · References: 1
Patchstack · added 2023/12/27 12:00 a.m. · 8 views

WordPress Defender Security Plugin <= 4.1.0 is vulnerable to Sensitive Data Exposure

Software: Defender Security · Type: Plugin · Vulnerable versions: <= 4.1.0 · Fixed in: 4.2.0 · OWASP Top 10: A9: Security Logging and Monitoring Failures · Classification: Sensitive Data Exposure · CVE: CVE-2023-51490 · Patch priority: Low · CVSS severity: Low 5.3 · Developer: WPMU DEV · PSID: 6b8b4abdceeb · Credits: Joshua Chan...

CVSS 7.5 · AI score 6.5 · EPSS 0.0048
Exploits: 0 · References: 2 · Affected Software: 1
WPVulnDB · added 2023/12/26 12:00 a.m. · 33 views

All In One WP Security < 5.2.5 - Protection Bypass of Renamed Login Page via URL Encoding

Description: The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to protection bypass on the login page in all versions up to and including 5.2.4. This makes it possible for unauthenticated attackers to visit the login page in cases where it has been renamed by...

AI score 7.1 · EPSS 0.00322
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies · added 2023/12/18 12:00 a.m. · 5 views

PT-2023-8522 · WordPress · The Shield Security

Name of the Vulnerable Software and Affected Versions: The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress versions up to, and including, 18.5.9 Description: The issue is related to Local File Inclusion, which allows an unauthenticated attacker to include...

CVSS 9.8 · AI score 9.6 · EPSS 0.56567
Exploits: 0 · References: 15
WPVulnDB · added 2023/11/30 12:00 a.m. · 15 views

WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection

Description: The plugin does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques, or in some cases an error/union-based technique. PoC: Blind...

CVSS 7.5 · AI score 8 · EPSS 0.02221
Exploits: 2 · Affected Software: 1
CNNVD · added 2023/11/22 12:00 a.m. · 4 views

WordPress Plugin WP EXtra Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 · AI score 6.5 · EPSS 0.00395
Exploits: 0 · References: 3
wpexploit · added 2023/11/13 12:00 a.m. · 141 views

Simply Excerpts <= 1.4 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). Put the following payload...

CVSS 4.8 · AI score 7 · EPSS 0.00424
Exploits: 2
RedHat Linux · added 2023/10/30 1:03 p.m. · 2 views

jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin

A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...

CVSS 8.8 · AI score 6.1 · EPSS 0.00585
Exploits: 0 · References: 5
RedHat Linux · added 2023/10/30 11:10 a.m. · 3 views

jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin

A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...

CVSS 8.8 · AI score 6.1 · EPSS 0.00585
Exploits: 0 · References: 5
ATTACKERKB · added 2023/10/20 7:15 a.m. · 5 views

CVE-2022-4712

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...

CVSS 7.2 · AI score 6.8 · EPSS 0.00478
Exploits: 0 · References: 3
WPVulnDB · added 2023/10/20 12:00 a.m. · 18 views

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...

CVSS 4.3 · AI score 6.5 · EPSS 0.0028
Exploits: 0 · Affected Software: 1
Positive Technologies · added 2023/10/16 12:00 a.m. · 4 views

PT-2023-31704

Name of the Vulnerable Software and Affected Versions: Defender Security WordPress plugin versions prior to 4.1.0. Description: The issue allows an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled, due to the plugin not preventing...

CVSS 5.3 · AI score 6 · EPSS 0.02235
Exploits: 3 · References: 8
WPVulnDB · added 2023/10/16 12:00 a.m. · 11 views

Sort SearchResult By Title < 11.0 - CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...

CVSS 8.8 · AI score 6.5 · EPSS 0.00214
Exploits: 0 · Affected Software: 1
Positive Technologies · added 2023/10/16 12:00 a.m. · 6 views

PT-2023-30664 · WordPress · Dologin Security

Name of the Vulnerable Software and Affected Versions: DoLogin Security WordPress plugin versions prior to 3.7.1 Description: The issue concerns the DoLogin Security WordPress plugin, which does not restrict access to a widget showing IPs of failed logins to low-privileged users. This could...

CVSS 6.5 · AI score 6.3 · EPSS 0.00861
Exploits: 1 · References: 6
Snyk · added 2023/09/18 1:49 p.m. · 2 views

Insufficient Session Expiration

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests...

CVSS 8.1 · AI score 7 · EPSS 0.00711
Exploits: 1 · References: 2
Snyk · added 2023/09/18 1:49 p.m. · 2 views

HTTP Header Injection

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of...

CVSS 4.3 · AI score 7.1 · EPSS 0.00499
Exploits: 0 · References: 2
Snyk · added 2023/09/18 1:49 p.m. · 2 views

Authentication Bypass by Spoofing

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user...

CVSS 5.4 · AI score 6.8 · EPSS 0.00523
Exploits: 0 · References: 2
Snyk · added 2023/09/18 1:49 p.m. · 1 view

Open Redirect

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a...

CVSS 6.1 · AI score 6.2 · EPSS 0.00503
Exploits: 0 · References: 2
Snyk · added 2023/09/18 1:49 p.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or...

CVSS 5.3 · AI score 7 · EPSS 0.00554
Exploits: 1 · References: 2
Snyk · added 2023/09/18 1:49 p.m. · 1 view

Improper Restriction of Excessive Authentication Attempts

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed...

CVSS 6.5 · AI score 7.1 · EPSS 0.00535
Exploits: 1 · References: 2