
670 matches found

Snyk
added 2025/08/01 6:15 p.m. · 3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the process that applies field masking rules to fields of types ip, geopoint, geoshape, xypoint, and xyshape. An attacker can access sensitive information by issuing search queries that reconstruct the original...

CVSS 6.8 · AI score 6.6
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/24 12:0 a.m. · 3 views

PT-2025-30640 · WordPress · The Security Ninja – Wordpress Security Plugin & Firewall

Name of the Vulnerable Software and Affected Versions: The Security Ninja – WordPress Security Plugin & Firewall versions prior to 5.243 Description: The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This allows...

CVSS 4.9 · AI score 6.3 · EPSS 0.00569
Exploits: 0 · References: 2

Cvelist
added 2025/07/22 2:43 p.m. · 5 views

CVE-2025-8015 Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS 6.4 · EPSS 0.00209
Exploits: 0 · References: 3

OSV
added 2025/07/09 4:15 p.m. · 5 views

CVE-2025-53653

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 · AI score 5.8 · EPSS 0.00191
Exploits: 0 · References: 2

OSV
added 2025/06/18 5:36 p.m. · 2 views

MAL-2025-5483 Malicious code in wonderland-api-security-plugin (npm)

The package communicates with a domain associated with malicious activity...

AI score 7.1
Exploits: 0

OSSF Malicious Packages
added 2025/06/18 5:36 p.m. · 2 views

Malicious code in wonderland-api-security-plugin (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits: 0

RedhatCVE
added 2025/05/23 10:9 a.m. · 6 views

CVE-2024-31447

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only...

CVSS 5.3 · AI score 6.5 · EPSS 0.00499
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:26 a.m. · 3 views

CVE-2024-43794

OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...

CVSS 6.1 · AI score 6.8 · EPSS 0.00243
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:12 a.m. · 4 views

CVE-2023-23680

Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin = 5.36 versions...

CVSS 8.8 · AI score 7.1 · EPSS 0.00264
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:55 a.m. · 7 views

CVE-2023-24390

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin = 1.2.1 versions...

CVSS 5.9 · AI score 5.6 · EPSS 0.00366
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:19 a.m. · 14 views

CVE-2023-23941

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

CVSS 7.5 · AI score 6.8 · EPSS 0.00297
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 12:2 a.m. · 5 views

CVE-2022-24873

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plug...

CVSS 6.1 · AI score 5.9 · EPSS 0.00722
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:13 p.m. · 7 views

CVE-2022-1557

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site...

CVSS 5.4 · AI score 5.9 · EPSS 0.01073
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 8:6 p.m. · 5 views

CVE-2021-37709

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...

CVSS 6.5 · AI score 6.8 · EPSS 0.00774
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:11 p.m. · 4 views

CVE-2021-21646

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

CVSS 8.8 · AI score 7.5 · EPSS 0.01749
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:38 p.m. · 4 views

CVE-2020-36176

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

CVSS 7.5 · AI score 7 · EPSS 0.01292
Exploits: 0

RedhatCVE
added 2025/05/22 3:16 a.m. · 5 views

CVE-2018-1999041

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration...

CVSS 5.5 · AI score 6 · EPSS 0.00381
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/17 2:13 a.m. · 16 views

CVE-2025-4579

The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 · AI score 6.1 · EPSS 0.00301
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/15 1:59 a.m. · 5 views

CVE-2025-4579 WP Content Security Plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields

The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 · AI score 6.1 · EPSS 0.00301
Exploits: 0 · References: 4

CNNVD
added 2025/05/15 12:0 a.m. · 1 views

WordPress plugin WP Content Security Plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...

CVSS 7.2 · AI score 7 · EPSS 0.00301
Exploits: 0 · References: 4