673 matches found
CVE-2024-52549
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...
CVE-2024-52549
CVE-2024-52549 affects Jenkins Script Security Plugin (1367.vdf2fc45f229c and earlier, with exceptions 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776). The issue is a missing permission check in a form-validation method, allowing attackers with Overall/Read permission to determine wheth...
WordPress plugin Titan Anti-spam & Security 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin SiteGround Security 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Shield Security plugin < 20.0.6 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Shield Security versions 20.0.6...
PT-2024-38259 · WordPress · The Shield Security Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Shield Security WordPress plugin versions prior to 20.0.6 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This...
CVE-2024-43794
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2024-43794 OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2024-43794
CVE-2024-43794 affects the OpenSearch Dashboards Security Plugin, which adds a configuration management UI for OpenSearch Security features. The issue is improper validation of the nextUrl parameter, allowing external redirects on login for specially crafted inputs. A patch is available and recom...
CVE-2024-43794 OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2024-43794 OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
PT-2024-7916 · Opensearch +2 · Opensearch Dashboards Security Plugin +2
Name of the Vulnerable Software and Affected Versions: OpenSearch Dashboards Security Plugin versions prior to 1.3.19 OpenSearch Dashboards Security Plugin versions prior to 2.16.0 Description: The issue is related to improper validation of the nextUrl parameter, which can lead to an external...
OpenSearch Dashboards Security Plugin 安全漏洞
OpenSearch Dashboards Security Plugin is an OpenSearch Dashboards Security Plugin for OpenSearch open source. A security vulnerability exists in OpenSearch Dashboards Security Plugin versions prior to 1.3.19 and prior to 2.16.0 that stems from improper validation of the nextUrl parameter, which m...
Exploit for Cross-site Scripting in Getshieldsecurity Shield_Security
Shield Security Plugin Vulnerability Exploit CVE-2024-7313...
WordPress Titan Anti-spam & Security Plugin <= 7.3.6 is vulnerable to Broken Access Control
Software Titan Anti-spam & Security Type Plugin Vulnerable versions = 7.3.6 Fixed in 7.3.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38777 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ff019213e5be Credits Joshua Chan...
WordPress Defender Security Plugin <= 3.3.2 is vulnerable to Broken Authentication
Software Defender Security Type Plugin Vulnerable versions = 3.3.2 Fixed in 3.3.3 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2022-44581 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID e5d5684810f0 Credits Snicco Required privilege...
jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes
A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protecti...
CVE-2023-47189 WordPress Defender Security plugin <= 4.2.0 - Masked Login Area View Bypass vulnerability
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0...
CVE-2023-34001 WordPress Hide My WP Ghost – Security Plugin plugin <= 5.0.25 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25...
CVE-2023-34001 WordPress Hide My WP Ghost – Security Plugin plugin <= 5.0.25 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25...