Plugin Release Notes

WAS Plugin Feed 202310060725

Oct 6, 2023, 7:25 AM

Modified Detection
  • 112824 Atlassian Jira < 8.5.12 Cookie Without Secure Flag
  • 112825 Atlassian Jira 8.6.x < 8.13.4 Cookie Without Secure Flag
  • 112826 Atlassian Jira 8.14.x < 8.15.0 Cookie Without Secure Flag
  • 112929 Microsoft SharePoint Server 2019 < 16.0.10375.20000 Multiple Vulnerabilities
  • 112930 Microsoft SharePoint Server 2013 < 15.0.5353.1000 Multiple Vulnerabilities
  • 112931 Microsoft SharePoint Server 2016 < 16.0.5173.1000 Multiple Vulnerabilities
  • 113070 UAParser.js 0.7.29 Embedded Malware
  • 113072 UAParser.js 1.0.0 Embedded Malware
  • 113085 Microsoft SharePoint Server 2019 < 16.0.10379.20000 Multiple Vulnerabilities
  • 113086 Microsoft SharePoint Server 2016 < 16.0.5227.1000 Multiple Vulnerabilities
  • 113087 Microsoft SharePoint Server 2013 < 15.0.5389.1000 Multiple Vulnerabilities
  • 113115 Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113116 Adobe ColdFusion 2016 < 2016 Update 17 / 2018 < 2018 Update 11 / 2021 < 2021 Update 1 Cross-Site Scripting
  • 113165 Apache mod_negotiation Alternative Filename Disclosure
  • 113247 Google Web Toolkit Detected
  • 113258 OpenAPI Permissive Input Validation
  • 113430 Disclosed European Personal Data Number
  • 113452 WordPress Plugins Detected
  • 113545 Apache 2.4.x < 2.4.55 Multiple Vulnerabilities
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 113838 WooCommerce Payments Plugin for WordPress 5.6.x < 5.6.2 Authentication Bypass
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114006 Web Cache Poisoning Denial of Service
  • 114007 PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114024 WP Data Access Plugin for WordPress < 5.3.8 Privilege Escalation
  • 114030 CraftCMS 4.x < 4.4.15 Remote Code Execution
  • 114031 WooCommerce Payments Plugin for WordPress 6.3.x < 6.3.2 Authentication Bypass
  • 114032 WooCommerce Payments Plugin for WordPress 6.2.x < 6.2.2 Authentication Bypass
  • 114033 WooCommerce Payments Plugin for WordPress 5.5.x < 5.5.2 Authentication Bypass
  • 114034 WooCommerce Payments Plugin for WordPress 5.4.x < 5.4.1 Authentication Bypass
  • 114035 WooCommerce Payments Plugin for WordPress 5.3.x < 5.3.1 Authentication Bypass
  • 114036 WooCommerce Payments Plugin for WordPress 5.2.x < 5.2.2 Authentication Bypass
  • 114037 WooCommerce Payments Plugin for WordPress 5.1.x < 5.1.3 Authentication Bypass
  • 114038 WooCommerce Payments Plugin for WordPress 5.0.x < 5.0.4 Authentication Bypass
  • 114039 WooCommerce Payments Plugin for WordPress 4.9.x < 4.9.1 Authentication Bypass
  • 114040 WooCommerce Payments Plugin for WordPress 4.8.x < 4.8.2 Authentication Bypass
  • 114041 Strapi Cognito Provider Authentication Bypass
  • 114042 Adobe ColdFusion Remote Code Execution
  • 114043 Adobe ColdFusion Improper Access Control
  • 114044 Atlassian Confluence 7.13.15 < 7.13.19 Tomcat Dependency Vulnerability
  • 114047 Drupal 10.1.x < 10.1.4 Cache Poisoning
  • 114048 Drupal 10.0.x < 10.0.11 Cache Poisoning
  • 114049 Drupal 8.7.x < 9.5.11 Cache Poisoning
  • 114055 Simple Membership Plugin For WordPress < 4.3.6 Reflected Cross-Site Scripting
  • 114056 Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057 Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058 Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 98070 Common Administration Interfaces Detection
  • 98084 Directory Listing
  • 98129 Credit Card Number Disclosure
  • 98212 WordPress Directory Listing
  • 98213 Drupal Directory Listing
  • 98214 Joomla! Directory Listing
  • 98784 WordPress 3.7.x < 3.7.32 Multiple Vulnerabilities
  • 98785 WordPress 3.8.x < 3.8.32 Multiple Vulnerabilities
  • 98786 WordPress 3.9.x < 3.9.30 Multiple Vulnerabilities
  • 98787 WordPress 4.0.x < 4.0.29 Multiple Vulnerabilities
  • 98788 WordPress 4.1.x < 4.1.29 Multiple Vulnerabilities
  • 98789 WordPress 4.2.x < 4.2.26 Multiple Vulnerabilities
  • 98790 WordPress 4.3.x < 4.3.22 Multiple Vulnerabilities
  • 98791 WordPress 4.4.x < 4.4.21 Multiple Vulnerabilities
  • 98792 WordPress 4.5.x < 4.5.20 Multiple Vulnerabilities
  • 98793 WordPress 4.6.x < 4.6.17 Multiple Vulnerabilities
  • 98794 WordPress 4.7.x < 4.7.16 Multiple Vulnerabilities
  • 98795 WordPress 4.8.x < 4.8.12 Multiple Vulnerabilities
  • 98796 WordPress 4.9.x < 4.9.13 Multiple Vulnerabilities
  • 98797 WordPress 5.0.x < 5.0.8 Multiple Vulnerabilities
  • 98798 WordPress 5.1.x < 5.1.4 Multiple Vulnerabilities
  • 98799 WordPress 5.2.x < 5.2.5 Multiple Vulnerabilities
  • 98885 WordPress 5.3.x < 5.3.1 Multiple Vulnerabilities
  • 98986 Magento Directory Listing
New
  • 113976 Simple Membership Plugin For WordPress < 4.0.9 Arbitrary Member Deletion
  • 114045 Atlassian Confluence 7.19.7 < 7.19.11 Tomcat Dependency Vulnerability
  • 114046 Atlassian Confluence 8.1.1 < 8.4.1 Tomcat Dependency Vulnerability
  • 114050 Simple Membership Plugin For WordPress < 4.1.0 Arbitrary Transaction Deletion
  • 114051 Simple Membership Plugin For WordPress < 4.1.1 Reflected Cross-Site Scripting
  • 114052 Simple Membership Plugin For WordPress < 4.1.3 Multiple Vulnerabilities
  • 114053 Simple Membership Plugin For WordPress < 4.2.2 Authenticated Cross-Site Scripting
  • 114054 Simple Membership Plugin For WordPress < 4.3.5 Multiple Vulnerabilities
WAS Plugin Feed 202309200615

Sep 20, 2023, 6:15 AM

Modified Detection
  • 113580 Web Cache Deception
  • 113855 GiveWP Plugin for WordPress < 2.24.1 SQL Injection
  • 114006 Web Cache Poisoning Denial of Service
  • 114013 Download Manager Plugin for WordPress < 3.2.34 Multiple Vulnerabilities
  • 114014 Easy WP SMTP Plugin for WordPress < 1.5.2 Multiple Vulnerabilities
  • 114015 Events Manager Plugin for WordPress < 5.9.6 Stored Cross-Site Scripting
  • 114016 Events Manager Plugin for WordPress < 5.9.5 Stored Cross-Site Scripting
  • 114017 Everest Forms Plugin for WordPress < 1.8.0 Reflected Cross-Site Scripting
  • 114018 GiveWP Plugin for WordPress < 2.3.1 Cross-Site Scripting
  • 114019 WPBrigade LoginPress Plugin for WordPress < 1.6.3 Broken Access Control
  • 114020 WPBrigade LoginPress Plugin for WordPress < 1.5.12 Reflected Cross-Site Scripting
  • 114021 Ocean Extra Plugin for WordPress < 2.6.5 Insecure Deserialization
  • 114022 WooCommerce PDF Invoices & Packing Slips Plugin for WordPress < 3.0.1 Reflected Cross-Site Scripting
  • 114023 WooCommerce PDF Invoices & Packing Slips Plugin for WordPress < 2.10.5 Reflected Cross-Site Scripting
  • 114024 WP Data Access Plugin for WordPress < 5.3.8 Privilege Escalation
  • 114025 WP EasyCart Plugin for WordPress < 5.4.3 Local File Inclusions
  • 114026 WP EasyCart Plugin for WordPress < 2.0.6 Sensitive Information Disclosure
  • 114027 WP Fastest Cache Plugin for WordPress < 1.1.3 Multiple Vulnerabilities
  • 114028 Backup and Staging by WP Time Capsule Plugin for WordPress < 1.21.16 Authentication Bypass
  • 114029 Well-Known URIs Detected
  • 114030 CraftCMS 4.x < 4.4.15 Remote Code Execution
  • 98070 Common Administration Interfaces Detection
  • 98129 Credit Card Number Disclosure
WAS Plugin Feed 202309110655

Sep 11, 2023, 6:55 AM

Modified Detection
  • 114012 Prometheus Sensitive Endpoint Detected
WAS Plugin Feed 202309060822

Sep 6, 2023, 8:22 AM

Modified Detection
  • 112805 JSONP Injection
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007 PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114008 Apache Tomcat 11.0.0-M1 < 11.0.0-M11 Open Redirect
  • 114009 Apache Tomcat 10.1.0-M1 < 10.1.13 Open Redirect
  • 114010 Apache Tomcat 9.0.0-M1 < 9.0.80 Open Redirect
  • 114011 Apache Tomcat 8.5.x < 8.5.93 Open Redirect
  • 98115 SQL Injection
WAS Plugin Feed 202308300900

Aug 30, 2023, 9:00 AM

Modified Detection
  • 113162 MySQLjs SQL Injection Authentication Bypass
  • 113337 NoSQL Injection Authentication Bypass
  • 113338 Web Cache Poisoning
  • 114006 Web Cache Poisoning Denial of Service
WAS Plugin Feed 202308290659

Aug 29, 2023, 6:59 AM

Modified Detection
  • 112615 OpenAPI File Detected
  • 112686 JSON Web Token Detected
  • 112703 JSON Web Token None Hashing Algorithm
  • 112808 Rails Mass Assignment
  • 98103 Unvalidated DOM redirect
  • 98109 DOM-based Cross-Site Scripting (XSS)
  • 98110 DOM-based Cross-Site Scripting (XSS) in attribute context
  • 98117 Blind SQL Injection (differential analysis)
  • 98119 Blind NoSQL Injection (differential analysis)
New
  • 113978 ActivityPub Username Enumeration
WAS Plugin Feed 202308091456

Aug 9, 2023, 2:56 PM

Modified Detection
  • 112439 Server-Side Request Forgery
  • 113338 Web Cache Poisoning
  • 113634 Server-Side Inclusion Injection
  • 113964 PHP 8.2.x < 8.2.7 Information Disclosure
  • 113965 PHP 8.1.x < 8.1.20 Information Disclosure
  • 113966 PHP 8.0.x < 8.0.29 Information Disclosure
  • 113986 Ninja Forms Plugin for WordPress < 3.6.26 Multiple Vulnerabilities
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 113989 MediaWiki < 1.38.2 Unlimited Lexeme Length Denial Of Service
  • 113990 MediaWiki < 1.35.5 Multiple Vulnerabilities
  • 113991 MediaWiki 1.36.x < 1.36.3 Multiple Vulnerabilities
  • 113992 MediaWiki 1.37.x < 1.37.1 Multiple Vulnerabilities
  • 113993 MediaWiki < 1.37.0 Multiple Vulnerabilities
  • 113994 MediaWiki < 1.36.0 Invalid MediaWiki Abusefilter-blocker Breaks Filters
  • 113995 MediaWiki < 1.35.2 Oauth Overlength Rsa Key
  • 113996 MediaWiki < 1.37.3 Multiple Vulnerabilities
  • 113997 MediaWiki < 1.31.12 Special Contributions Hidden User Leakage
  • 113998 MediaWiki 1.32.x < 1.35.2 Special Contributions Hidden User Leakage
  • 113999 MediaWiki < 1.35.0 Multiple Vulnerabilities
  • 114000 MediaWiki < 1.23.16 Wiki Visitor IP Leakage
  • 114001 MediaWiki 1.24.x < 1.27.2 Wiki Visitor IP Leakage
  • 114002 MediaWiki 1.28.x < 1.28.1 Wiki Visitor IP Leakage
  • 114003 MediaWiki < 1.17.2 Deleted Text Exposure
  • 114004 MediaWiki 1.18.x < 1.18.1 Deleted Text Exposure
  • 98100 Path Traversal
  • 98116 NoSQL Injection
  • 98123 Operating System Command Injection
  • 98125 Local File Inclusion
  • 98127 LDAP Injection
  • 98779 Source Code Passive Disclosure
New
  • 114005 AYS Popup Box Plugin for WordPress < 3.1.3 Cross-Site Scripting
WAS Plugin Feed 202308020802

Aug 2, 2023, 8:02 AM

Modified Detection
  • 112501 Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
  • 112704 Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 Remote Code Execution
  • 112705 Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
  • 112726 Apache Struts 2.3.5 < 2.3.32 / 2.5.x < 2.5.10.1 Remote Code Execution (S2-045 / S2-046)
  • 112727 Apache Struts 2.0.4 < 2.3.35 / 2.5.x < 2.5.17 Remote Code Execution (S2-057)
  • 112741 Apache Struts 2.x < 2.3.15.1 Remote Code Execution (S2-016)
  • 112762 Apache Struts 2 < 2.3.33 Remote Code Execution (S2-048)
  • 112763 Apache Struts 2.1.6 < 2.3.34 / 2.5 < 2.5.13 Remote Code Execution (S2-052)
  • 113075 Apache Log4j Remote Code Execution (Log4Shell)
  • 113115 Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113217 Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (Spring4Shell)
  • 113373 Atlassian Bitbucket Remote Code Execution
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113979 Atlassian Confluence < 7.13.17 Read Only User Attachment Uploads Service
  • 113980 Atlassian Confluence 7.14.x < 7.19.9 Read Only User Attachment Uploads
  • 113981 Atlassian Confluence 7.20.x < 8.2.2 Read Only User Attachment Uploads
  • 113982 Atlassian Confluence 8.x < 8.3.2 Remote Code Execution
  • 113983 Atlassian Confluence 6.1.x < 7.13.20 Remote Code Execution
  • 113984 Atlassian Confluence 7.14.0 < 7.19.8 Remote Code Execution
  • 113985 Atlassian Confluence 8.x < 8.2.0 Remote Code Execution
  • 98997 Kentico CMS 9.x < 10.0.52 / 11.0.x < 11.0.48 / 12.0.x < 12.0.15 Remote Code Execution
New
  • 113976 Simple Membership Plugin For WordPress < 4.0.9 Arbitrary Member Deletion
WAS Plugin Feed 202307311300

Jul 31, 2023, 1:00 PM

Modified Detection
  • 112550 Full Path Disclosure
  • 112614 Server-Side Template Injection
  • 98779 Source Code Passive Disclosure
New
  • 113976 Simple Membership Plugin For WordPress < 4.0.9 Arbitrary Member Deletion
WAS Plugin Feed 202307240920

Jul 24, 2023, 9:20 AM

Modified Detection
  • 112501 Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
  • 112704 Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 Remote Code Execution
  • 112705 Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
  • 112726 Apache Struts 2.3.5 < 2.3.32 / 2.5.x < 2.5.10.1 Remote Code Execution (S2-045 / S2-046)
  • 112727 Apache Struts 2.0.4 < 2.3.35 / 2.5.x < 2.5.17 Remote Code Execution (S2-057)
  • 112741 Apache Struts 2.x < 2.3.15.1 Remote Code Execution (S2-016)
  • 112762 Apache Struts 2 < 2.3.33 Remote Code Execution (S2-048)
  • 112763 Apache Struts 2.1.6 < 2.3.34 / 2.5 < 2.5.13 Remote Code Execution (S2-052)
  • 113075 Apache Log4j Remote Code Execution (Log4Shell)
  • 113115 Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113217 Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (Spring4Shell)
  • 113335 DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113373 Atlassian Bitbucket Remote Code Execution
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113971 Citrix Gateway / ADC Cross-Site Scripting
  • 113973 Web Services Description Language (WSDL) File Detected
  • 98008 Web Application Firewall Detected
  • 98060 Missing 'X-Frame-Options' Header
  • 98072 Common Directories Detection
  • 98611 Error Message
  • 98612 Missing 'Expect-CT' Header (deprecated)
  • 98779 Source Code Passive Disclosure
  • 98828 PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
  • 98997 Kentico CMS 9.x < 10.0.52 / 11.0.x < 11.0.48 / 12.0.x < 12.0.15 Remote Code Execution
New
  • 113972 OpenID Connect Anonymous Account
  • 113974 Web Application Description Language (WADL) File Detected
  • 113975 PHP Debug Bar Enabled
  • 113977 Odoo < 16.2022.12.24 Cross-Site Scripting
WAS Plugin Feed 202307130817

Jul 13, 2023, 8:17 AM

Modified Detection
  • 112540 SSL/TLS Certificate RSA Keys Less Than 2048 bits
  • 113075 Apache Log4j Remote Code Execution (Log4Shell)
  • 113335 DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113422 DotNetNuke Administration Panel Login Form Detected
  • 113449 WordPress Cron Enabled
  • 113716 Atlassian Jira < 3.13.2 WebWork 1 Parameter Injection Hole
  • 113904 Sitecore Unauthenticated User Enumeration
  • 113905 Sitecore Unauthenticated Arbitrary File Read
  • 113960 Apache Tomcat 11.0.0-M5 Information Disclosure
  • 113961 Apache Tomcat 10.1.8 Information Disclosure
  • 113962 Apache Tomcat 9.0.74 Information Disclosure
  • 113963 Apache Tomcat 8.5.88 Information Disclosure
  • 113971 Citrix Gateway / ADC Cross-Site Scripting
  • 98054 Unvalidated Redirection
  • 98126 Remote File Inclusion
  • 98649 Invalid Subresource Integrity
  • 98681 Sitemap.xml File Detected
WAS Plugin Feed 202307060627

Jul 6, 2023, 6:27 AM

Modified Detection
  • 112719 Client-Side Prototype Pollution
  • 113069 SQL Injection Authentication Bypass
  • 113162 MySQLjs SQL Injection Authentication Bypass
  • 113309 XPath Injection Authentication Bypass
  • 113317 Expression Language Injection
  • 113331 LDAP Injection Authentication Bypass
  • 113337 NoSQL Injection Authentication Bypass
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 98042 Login Form Bruteforced
  • 98109 DOM-based Cross-Site Scripting (XSS)
  • 98139 Cookie Authentication Succeeded
  • 98681 Sitemap.xml File Detected
New
  • 113969 Social Login and Register for WordPress < 7.6.5 Authentication Bypass
  • 113970 Nuxt.js 3.4.x < 3.4.3 Remote Code Execution