Plugin Release Notes

WAS Plugin Feed202308091456

Aug 9, 2023, 2:56 PM

Modified Detection
  • 112439Server-Side Request Forgery
  • 113338Web Cache Poisoning
  • 113634Server-Side Inclusion Injection
  • 113964PHP 8.2.x < 8.2.7 Information Disclosure
  • 113965PHP 8.1.x < 8.1.20 Information Disclosure
  • 113966PHP 8.0.x < 8.0.29 Information Disclosure
  • 113986Ninja Forms Plugin for WordPress < 3.6.26 Multiple Vulnerabilities
  • 113987PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 113989MediaWiki < 1.38.2 Unlimited Lexeme Length Denial Of Service
  • 113990MediaWiki < 1.35.5 Multiple Vulnerabilities
  • 113991MediaWiki 1.36.x < 1.36.3 Multiple Vulnerabilities
  • 113992MediaWiki 1.37.x < 1.37.1 Multiple Vulnerabilities
  • 113993MediaWiki < 1.37.0 Multiple Vulnerabilities
  • 113994MediaWiki < 1.36.0 Invalid MediaWiki Abusefilter-blocker Breaks Filters
  • 113995MediaWiki < 1.35.2 Oauth Overlength Rsa Key
  • 113996MediaWiki < 1.37.3 Multiple Vulnerabilities
  • 113997MediaWiki < 1.31.12 Special Contributions Hidden User Leakage
  • 113998MediaWiki 1.32.x < 1.35.2 Special Contributions Hidden User Leakage
  • 113999MediaWiki < 1.35.0 Multiple Vulnerabilities
  • 114000MediaWiki < 1.23.16 Wiki Visitor IP Leakage
  • 114001MediaWiki 1.24.x < 1.27.2 Wiki Visitor IP Leakage
  • 114002MediaWiki 1.28.x < 1.28.1 Wiki Visitor IP Leakage
  • 114003MediaWiki < 1.17.2 Deleted Text Exposure
  • 114004MediaWiki 1.18.x < 1.18.1 Deleted Text Exposure
  • 98100Path Traversal
  • 98116NoSQL Injection
  • 98123Operating System Command Injection
  • 98125Local File Inclusion
  • 98127LDAP Injection
  • 98779Source Code Passive Disclosure
New
  • 114005AYS Popup Box Plugin for WordPress < 3.1.3 Cross-Site Scripting
WAS Plugin Feed202308020802

Aug 2, 2023, 8:02 AM

Modified Detection
  • 112501Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
  • 112705Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
  • 113075Apache Log4j Remote Code Execution (Log4Shell)
  • 113115Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113550Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113979Atlassian Confluence < 7.13.17 Read Only User Attachment Uploads Service
  • 113980Atlassian Confluence 7.14.x < 7.19.9 Read Only User Attachment Uploads
  • 113981Atlassian Confluence 7.20.x < 8.2.2 Read Only User Attachment Uploads
  • 113982Atlassian Confluence 8.x < 8.3.2 Remote Code Execution
  • 113983Atlassian Confluence 6.1.x < 7.13.20 Remote Code Execution
  • 113984Atlassian Confluence 7.14.0 < 7.19.8 < Remote Code Execution
  • 113985Atlassian Confluence 8.x < 8.2.0 Remote Code Execution
New
  • 113976Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
WAS Plugin Feed202307311300

Jul 31, 2023, 1:00 PM

Modified Detection
  • 112550Full Path Disclosure
  • 112614Server-Side Template Injection
  • 98779Source Code Passive Disclosure
New
  • 113976Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
WAS Plugin Feed202307240920

Jul 24, 2023, 9:20 AM

Modified Detection
  • 112501Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
  • 112705Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
  • 113075Apache Log4j Remote Code Execution (Log4Shell)
  • 113115Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113335DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113550Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113971Citrix Gateway / ADC Cross-Site Scripting
  • 113973Web Services Description Language (WSDL) File Detected
  • 98008Web Application Firewall Detected
  • 98060Missing 'X-Frame-Options' Header
  • 98072Common Directories Detection
  • 98611Error Message
  • 98612Missing 'Expect-CT' Header (deprecated)
  • 98779Source Code Passive Disclosure
  • 98828PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
New
  • 113972OpenID Connect Anonymous Account
  • 113974Web Application Description Language (WADL) File Detected
  • 113975PHP Debug Bar Enabled
  • 113977Odoo < 16.2022.12.24 Cross-Site Scripting
WAS Plugin Feed202307130817

Jul 13, 2023, 8:17 AM

Modified Detection
  • 112540SSL/TLS Certificate RSA Keys Less Than 2048 bits
  • 113075Apache Log4j Remote Code Execution (Log4Shell)
  • 113335DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113422DotNetNuke Administration Panel Login Form Detected
  • 113449WordPress Cron Enabled
  • 113716Atlassian Jira < 3.13.2 WebWork 1 Parameter Injection Hole
  • 113904Sitecore Unauthenticated User Enumeration
  • 113905Sitecore Unauthenticated Arbitrary File Read
  • 113960Apache Tomcat 11.0.0-M5 Information Disclosure
  • 113961Apache Tomcat 10.1.8 Information Disclosure
  • 113962Apache Tomcat 9.0.74 Information Disclosure
  • 113963Apache Tomcat 8.5.88 Information Disclosure
  • 113971Citrix Gateway / ADC Cross-Site Scripting
  • 98054Unvalidated Redirection
  • 98126Remote File Inclusion
  • 98649Invalid Subresource Integrity
  • 98681Sitemap.xml File Detected
WAS Plugin Feed202307060627

Jul 6, 2023, 6:27 AM

Modified Detection
  • 112719Client-Side Prototype Pollution
  • 113069SQL Injection Authentication Bypass
  • 113162MySQLjs SQL Injection Authentication Bypass
  • 113309XPath Injection Authentication Bypass
  • 113317Expression Language Injection
  • 113331LDAP Injection Authentication Bypass
  • 113337NoSQL Injection Authentication Bypass
  • 113903Adobe ColdFusion ComponentFilter Remote Code Execution
  • 98042Login Form Bruteforced
  • 98109DOM-based Cross-Site Scripting (XSS)
  • 98139Cookie Authentication Succeeded
  • 98681Sitemap.xml File Detected
New
  • 113969Social Login and Register for WordPress < 7.6.5 Authentication Bypass
  • 113970Nuxt.js 3.4.x < 3.4.3 Remote Code Execution