WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46842 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

CVE-2022-4022

The CVE-2022-4022 entry concerns the WordPress SVG Support plugin (versions 2.5–2.5.1). The root cause is insecure default settings that do not sanitize SVG files containing JavaScript, permitting authenticated users with author-level privileges or higher to upload malicious SVGs that can be embe...

WordPress Awesome Support plugin <= 6.1.1 - Auth. Arbitrary Exported Tickets Download vulnerability

Auth. Arbitrary Exported Tickets Download vulnerability discovered by dc11 in WordPress Awesome Support plugin versions = 6.1.1. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.1.2...

CVE-2022-1755

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

CVE-2022-1755 SVG Support < 2.5 - Author+ Stored Cross-Site Scripting

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

GHSA-QRQM-574X-Q7F2 Awesome Support vulnerable to persistent cross-site scripting

Multiple Authenticated custom specific plugin role Persistent Cross-Site Scripting XSS vulnerability in Awesome Support plugin = 6.0.7 at WordPress...

CVE-2022-38073 WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties)

Multiple Authenticated custom specific plugin role Persistent Cross-Site Scripting XSS vulnerability in Awesome Support plugin = 6.0.7 at WordPress...

CVE-2022-38073

CVE-2022-38073 affects the WordPress Awesome Support plugin (versions ≤ 6.0.7). The root cause is insufficient sanitization of the ticket title, enabling a stored XSS by users with a custom plugin role (authenticated). The impact is persistent cross-site scripting within the plugin context. Advis...

CVE-2022-2559

The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users...

WordPress plugin Fluent Support SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVE-2022-2039 Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupportisettings function found in the /livesupporti.php file. This makes it possible for unauthenticated attacke...

CVE-2022-2039

CVE-2022-2039 concerns the Free Live Chat Support plugin for WordPress, where a CSRF flaw stems from missing nonce protection in livesupporti_settings() (livesupporti.php). The affected range is up to and including 1.0.11 (some sources also reference 1.0.12). The vulnerability allows unauthentica...

GHSA-5HVR-3FCR-WX8C Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

CVE-2022-27852

Multiple Unauthenticated Stored Cross-Site Scripting XSS vulnerabilities in KB Support WordPress plugin = 1.5.5 versions...

CVE-2022-27852

Multiple Unauthenticated Stored Cross-Site Scripting XSS vulnerabilities in KB Support WordPress plugin = 1.5.5 versions...

WordPress plugin KB Support 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2021-24686

The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...