Lucene search
K

29 matches found

CNNVD
CNNVD
added 2021/11/01 12:0 a.m.5 views

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the Wordpress plugin WP-Stats, which is caused ...

4.3CVSS5AI score0.00491EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2021/06/16 5:24 p.m.9 views

org.jenkins-ci.plugins:project-build-times (>=1.0 <=1.2.1), org.jenkins-ci.plugins:project-stats-plugin (>=0.1 <=0.4) potentially affected by CVE-2021-21649 via org.jenkins-ci.plugins:dashboard-view (>=2.0 <=2.0.2)

org.jenkins-ci.plugins:dashboard-view MAVEN version =2.0, =1.0, =0.1, =0.4 Source cves: CVE-2021-21649 Source advisory: OSV:GHSA-JWHM-9CJM-4493...

5.4CVSS6AI score0.72678EPSS
Exploits0
ThreatPost
ThreatPost
added 2019/12/13 6:33 p.m.97 views

Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers

UPDATE Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm Force, it is only aware of one...

8AI score
Exploits0References10
The Hacker News
The Hacker News
added 2019/12/13 10:21 a.m.81 views

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites

Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit...

1.3AI score
Exploits0
Prion
Prion
added 2018/01/26 2:29 a.m.15 views

Cross site request forgery (csrf)

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

4.3CVSS6.1AI score0.00844EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/01/26 2:29 a.m.17 views

CVE-2017-1000389

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

6.1CVSS6.4AI score
Exploits0References1
CNVD
CNVD
added 2015/06/27 12:0 a.m.2 views

WordPress WP-Stats plugin has multiple vulnerabilities

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. HTML injection vulnerability and cross-site scripting vulnerability exis...

6.7AI score
Exploits0References1
Patchstack
Patchstack
added 2015/06/17 12:0 a.m.1935 views

WordPress Stats Plugin <= 2.51 - Multiple Vulnerabilities

This plugin is prone to cross site scripting and cross site request forgery vulnerabilities. Solution Update the plugin...

2.1AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2007/06/20 12:0 a.m.23 views

wppersist-xss.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1. DESCRIPTION OF THE SOFTWARE On May 6th, 2007 a new WordPress plugin called "stats" was released. This plugin allows a WordPress user who has his blog self-hosted to use the Wordpress.com statistics. The plugin includes a JavaScript on the blog page...

7.4AI score
Exploits0
Rows per page
Query Builder