29 matches found
WordPress 跨站请求伪造漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the Wordpress plugin WP-Stats, which is caused ...
org.jenkins-ci.plugins:project-build-times (>=1.0 <=1.2.1), org.jenkins-ci.plugins:project-stats-plugin (>=0.1 <=0.4) potentially affected by CVE-2021-21649 via org.jenkins-ci.plugins:dashboard-view (>=2.0 <=2.0.2)
org.jenkins-ci.plugins:dashboard-view MAVEN version =2.0, =1.0, =0.1, =0.4 Source cves: CVE-2021-21649 Source advisory: OSV:GHSA-JWHM-9CJM-4493...
Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers
UPDATE Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm Force, it is only aware of one...
Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit...
Cross site request forgery (csrf)
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...
CVE-2017-1000389
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...
WordPress WP-Stats plugin has multiple vulnerabilities
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. HTML injection vulnerability and cross-site scripting vulnerability exis...
WordPress Stats Plugin <= 2.51 - Multiple Vulnerabilities
This plugin is prone to cross site scripting and cross site request forgery vulnerabilities. Solution Update the plugin...
wppersist-xss.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1. DESCRIPTION OF THE SOFTWARE On May 6th, 2007 a new WordPress plugin called "stats" was released. This plugin allows a WordPress user who has his blog self-hosted to use the Wordpress.com statistics. The plugin includes a JavaScript on the blog page...