113 matches found
CVE-2022-45398
A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...
CVE-2022-45399
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...
CVE-2022-45398
Summary (CVE-2022-45398): A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin
PT-2022-27500 · Jenkins · Jenkins Cluster Statistics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cluster Statistics Plugin versions 0.4.6 and earlier Description: A cross-site request forgery CSRF issue allows attackers to delete recorded Jenkins Cluster Statistics. This can be exploited by attackers to manipulate the system...
PT-2022-27501 · Jenkins · Jenkins Cluster Statistics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cluster Statistics Plugin versions 0.4.6 and earlier Description: A missing permission check in the Jenkins Cluster Statistics Plugin allows attackers to delete recorded Jenkins Cluster Statistics. This issue is related to an HTTP...
CVE-2022-45399
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...
CVE-2022-45399
CVE-2022-45399 : Jenkins Cluster Statistics Plugin up to version 0.4.6 contains a missing permission check on its HTTP endpoint, enabling attackers (with Overall/Read) to delete recorded Cluster Statistics. The description does not specify a patch version or mitigation, and no exploitation detail...
CVE-2022-45398
A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...
CVE-2022-27231
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product...
CVE-2022-1005
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting XSS in web browsers which do not encode characters...
GHSA-XV69-6RF3-W5G2 Missing permission check in Jenkins Cloud Statistics Plugin
Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. Jenkins Cloud Statistics Plugin 0.27 requires...
WordPress WP Statistics plugin <= 13.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress WP Statistics plugin versions = 13.2.1. Solution Update the WordPress WP Statistics plugin to the latest available version at least 13.2.2...
WordPress WP Statistics Plugin SQL Injection (CVE-2022-25148)
An SQL injection vulnerability exists in WordPress WP Statistics Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
CVE-2022-0410
The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection...
CVE-2022-25148
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...
CVE-2022-25306
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...
WordPress plugin WP Statistics SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Statistics plugin 13.1.5 and earlier versions are vulnerable to SQL injection, which can be exploited by attackers to...
WordPress plugin WP Statistics 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress WP Statistics plugin 13.1.5 and earlier versions have a cross-site scripting vulnerability that can be exploited...
WordPress plugin WP Statistics SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin WP Statistics is vulnerable to SQL...