Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of July 27, 2022 and is not available for download. This closure is temporary, pending a full review.

If you can not write in code, this plugin does not help you!

I was using the plain bxslider script on my site. When I wrote my blog in wordpress, I tried various plugins, but none exposes all the options of bxslider like this plugin. The pro version is worth it. Nico, the plugin author help me set up my site in no time.

Pretty much 90% of functionality is locked to premium version which author "forgot" to mention.

i know this is simple but not working for me..pls help me

Read all 8 reviews

“BxSlider WP” is open source software. The following people have contributed to this plugin.

Contributors

*    kosinix

CVE-2022-33943: BxSlider WP

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

CVE-2022-36892: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.

CVE-2022-36888: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-36903: Jenkins Security Advisory 2022-07-27

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

CVE-2022-36882: Jenkins Security Advisory 2022-07-27

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

CVE-2022-36894: Jenkins Security Advisory 2022-07-27

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.

CVE-2022-36899: Jenkins Security Advisory 2022-07-27

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVE-2022-36901: Jenkins Security Advisory 2022-07-27

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVE-2022-36918: Jenkins Security Advisory 2022-07-27

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.

Tag

#xss