Plugin Release Notes

WAS Plugin Feed 202312061345

Dec 6, 2023, 1:45 PM

Modified Detection
  • 112615 OpenAPI File Detected
  • 113059 OPcache UI Detected
  • 113310 Blind XPath Injection (differential analysis)
  • 113520 Kibana 7.14.0 HTML Injection
  • 113521 Kibana 7.10.2 < 7.14.1 Code Execution
  • 113522 Kibana 7.9.0 < 7.14.1 Path Traversal
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 114117 OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Informations Disclosure
  • 98117 Blind SQL Injection (differential analysis)
  • 98119 Blind NoSQL Injection (differential analysis)
  • 98203 WordPress User Enumeration
  • 98936 Joomla! 2.5.x < 3.9.14 Multiple Vulnerabilities
New
  • 114118 OwnCloud 10.6.x < 10.13.1 WebDav Authentication Bypass
  • 114119 Apache Tomcat 10.1.0-M1 < 10.1.16 Request Smuggling
  • 114120 Apache Tomcat 9.0.0-M1 < 9.0.83 Request Smuggling
  • 114121 Apache Tomcat 8.5.x < 8.5.96 Request Smuggling
  • 114122 Appwrite < 1.4.0 Server-Side Request Forgery
  • 114123 Atlassian Confluence 4.x < 7.19.17 Template Injection
  • 114124 Atlassian Confluence 8.x < 8.4.5 Template Injection
  • 114125 Atlassian Confluence 8.5.x < 8.5.4 Template Injection
  • 114126 Atlassian Confluence 8.6.x < 8.6.2 Template Injection
  • 114127 Atlassian Confluence 8.7.x < 8.7.1 Template Injection
WAS Plugin Feed 202312010605

Dec 1, 2023, 6:05 AM

Modified Detection
  • 113136 Wordpress Administration Panel Login Form Bruteforced
  • 114117 OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Informations Disclosure
  • 98129 Credit Card Number Disclosure
  • 98780 Java Object Deserialization
New
WAS Plugin Feed 202311220755

Nov 22, 2023, 7:55 AM

Modified Detection
  • 98084 Directory Listing
  • 98098 Source Code Disclosure
  • 98143 Selenium Crawl Succeeded
  • 98145 Selenium Crawl Failed
  • 98212 WordPress Directory Listing
  • 98213 Drupal Directory Listing
  • 98214 Joomla! Directory Listing
  • 98986 Magento Directory Listing
New
  • 114111 SAP NetWeaver KW Reflected Cross-Site Scripting
  • 114113 Keycloak Reflected Cross-Site Scripting
WAS Plugin Feed 202311170804

Nov 17, 2023, 8:04 AM

Modified Detection
New
  • 114110 Atlassian SAML Single Sign-On Bypass
  • 114112 SysAid On-Premise < 23.3.36 Path Traversal
WAS Plugin Feed 202311150725

Nov 15, 2023, 7:25 AM

Modified Detection
  • 112476 Prototype < 1.6.0.2 Cross-Site Ajax Request
  • 112697 JSON Web Token Weak Secret
  • 113900 Cross-Site Request Forgery Token Validation Bypass
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007 PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114055 Simple Membership Plugin For WordPress < 4.3.6 Reflected Cross-Site Scripting
  • 114090 Apache 2.4.x < 2.4.58 Multiple Vulnerabilities
  • 114092 Royal Elementor Addons and Templates Plugin for WordPress < 1.3.79 Arbitrary File Upload
  • 114101 Atlassian Confluence 7.x < 7.19.16 Improper Authorization
  • 114102 Atlassian Confluence 8.x < 8.3.4 Improper Authorization
  • 114103 Atlassian Confluence 8.4.x < 8.4.4 Improper Authorization
  • 114104 Atlassian Confluence 8.5.x < 8.5.3 Improper Authorization
  • 114105 Atlassian Confluence 8.6.x < 8.6.1 Improper Authorization
  • 98806 PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
New
  • 114106 ServiceNow Widgets Data Exposure
  • 114107 Metabase GeoJSON Remote Code Execution
  • 114108 Strapi < 4.8.0 Private Fields Sensitive Information Disclosure
  • 114109 Atlassian Confluence Improper Authorization
WAS Plugin Feed 202311071717

Nov 7, 2023, 5:17 PM

Modified Detection
  • 113224 Kerberos Authentication Succeeded
  • 113225 Kerberos Authentication Failed
  • 114056 Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057 Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058 Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 114101 Atlassian Confluence 7.x < 7.19.16 Improper Authorization
  • 114102 Atlassian Confluence 8.x < 8.3.4 Improper Authorization
  • 114103 Atlassian Confluence 8.4.x < 8.4.4 Improper Authorization
  • 114104 Atlassian Confluence 8.5.x < 8.5.3 Improper Authorization
  • 114105 Atlassian Confluence 8.6.x < 8.6.1 Improper Authorization
  • 98779 Source Code Passive Disclosure
WAS Plugin Feed 202310301031

Oct 30, 2023, 10:31 AM

Modified Detection
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007 PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114012 Prometheus Sensitive Endpoint Detected
  • 114056 Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057 Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058 Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 114060 Apache Tomcat 11.0.0-M1 < 11.0.0-M12 Multiple Vulnerabilities
  • 114061 Apache Tomcat 10.1.0-M1 < 10.1.14 Multiple Vulnerabilities
  • 114062 Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities
  • 114063 Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities
  • 98779 Source Code Passive Disclosure
  • 98806 PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
  • 98828 PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
  • 98831 PHP 5.6.x < 5.6.8 Multiple Vulnerabilities
  • 98901 Apache 2.4.x < 2.4.3 Multiple Vulnerabilities
  • 98959 Nginx < 1.7.5 SSL Session Reuse
  • 98960 Nginx < 1.6.2 SSL Session Reuse
New
  • 114098 Sitecore Remote Code Execution
  • 114099 Microsoft SharePoint Server 2019 build < 16.0.10399.20005 Elevation of Privilege
  • 114100 Citrix Gateway / ADC Sensitive Information Exposure
WAS Plugin Feed 202310250932

Oct 25, 2023, 9:32 AM

Modified Detection
  • 114065 Pimcore Administration Panel Login Form Detected
  • 114066 WordPress 4.1.x < 4.1.39 Multiple Vulnerabilities
  • 114067 WordPress 4.2.x < 4.2.36 Multiple Vulnerabilities
  • 114068 WordPress 4.3.x < 4.3.32 Multiple Vulnerabilities
  • 114069 WordPress 4.4.x < 4.4.31 Multiple Vulnerabilities
  • 114070 WordPress 4.5.x < 4.5.30 Multiple Vulnerabilities
  • 114071 WordPress 4.6.x < 4.6.27 Multiple Vulnerabilities
  • 114072 WordPress 4.7.x < 4.7.27 Multiple Vulnerabilities
  • 114073 WordPress 4.8.x < 4.8.23 Multiple Vulnerabilities
  • 114074 WordPress 4.9.x < 4.9.24 Multiple Vulnerabilities
  • 114075 WordPress 5.0.x < 5.0.20 Multiple Vulnerabilities
  • 114076 WordPress 5.1.x < 5.1.17 Multiple Vulnerabilities
  • 114077 WordPress 5.2.x < 5.2.19 Multiple Vulnerabilities
  • 114078 WordPress 5.3.x < 5.3.16 Multiple Vulnerabilities
  • 114079 WordPress 5.4.x < 5.4.14 Multiple Vulnerabilities
  • 114080 WordPress 5.5.x < 5.5.13 Multiple Vulnerabilities
  • 114081 WordPress 5.6.x < 5.6.12 Multiple Vulnerabilities
  • 114082 WordPress 5.7.x < 5.7.10 Multiple Vulnerabilities
  • 114083 WordPress 5.8.x < 5.8.8 Multiple Vulnerabilities
  • 114084 WordPress 5.9.x < 5.9.8 Multiple Vulnerabilities
  • 114085 WordPress 6.0.x < 6.0.6 Multiple Vulnerabilities
  • 114086 WordPress 6.1.x < 6.1.4 Multiple Vulnerabilities
  • 114087 WordPress 6.2.x < 6.2.3 Multiple Vulnerabilities
  • 114088 WordPress 6.3.x < 6.3.2 Multiple Vulnerabilities
  • 114090 Apache 2.4.x < 2.4.58 Multiple Vulnerabilities
  • 114092 Royal Elementor Addons and Templates Plugin for WordPress < 1.3.79 Arbitrary File Upload
  • 114093 HandlebarsJS < 4.7.7 Multiple Vulnerabilities
  • 114094 HandlebarsJS 4.x < 4.5.5 Regular Expression Denial Of Service
  • 114095 HandlebarsJS < 3.0.8 Arbitrary Code Execution
  • 114096 HandlebarsJS 4.x < 4.5.3 Arbitrary Code Execution
  • 114097 HandlebarsJS < 4.3.0 Prototype Pollution
  • 98115 SQL Injection
  • 98203 WordPress User Enumeration
New
  • 114089 Pimcore User Enumeration
  • 114091 WordPress WPEngine Configuration Detected
WAS Plugin Feed 202310170831

Oct 17, 2023, 8:31 AM

Modified Detection
  • 112476 Prototype < 1.6.0.2 Cross-Site Ajax Request
  • 112697 JSON Web Token Weak Secret
  • 112804 phpBB User Enumeration
  • 113059 OPcache UI Detected
  • 113136 Wordpress Administration Panel Login Form Bruteforced
  • 113158 Package Dependencies Detected
  • 113520 Kibana 7.14.0 HTML Injection
  • 113521 Kibana 7.10.2 < 7.14.1 Code Execution
  • 113522 Kibana 7.9.0 < 7.14.1 Path Traversal
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 113900 Cross-Site Request Forgery Token Validation Bypass
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007 PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114012 Prometheus Sensitive Endpoint Detected
  • 114047 Drupal 10.1.x < 10.1.4 Cache Poisoning
  • 114048 Drupal 10.0.x < 10.0.11 Cache Poisoning
  • 114049 Drupal 8.7.x < 9.5.11 Cache Poisoning
  • 114055 Simple Membership Plugin For WordPress < 4.3.6 Reflected Cross-Site Scripting
  • 114056 Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057 Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058 Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 114060 Apache Tomcat 11.0.0-M1 < 11.0.0-M12 Multiple Vulnerabilities
  • 114061 Apache Tomcat 10.1.0-M1 < 10.1.14 Multiple Vulnerabilities
  • 114062 Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities
  • 114063 Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities
  • 114065 Pimcore Administration Panel Login Form Detected
  • 98084 Directory Listing
  • 98098 Source Code Disclosure
  • 98129 Credit Card Number Disclosure
  • 98203 WordPress User Enumeration
  • 98208 Joomla! User Enumeration
  • 98209 Drupal User Enumeration
  • 98212 WordPress Directory Listing
  • 98213 Drupal Directory Listing
  • 98214 Joomla! Directory Listing
  • 98671 CVS Entries Detected
  • 98779 Source Code Passive Disclosure
  • 98780 Java Object Deserialization
  • 98806 PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
  • 98828 PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
  • 98831 PHP 5.6.x < 5.6.8 Multiple Vulnerabilities
  • 98901 Apache 2.4.x < 2.4.3 Multiple Vulnerabilities
  • 98936 Joomla! 2.5.x < 3.9.14 Multiple Vulnerabilities
  • 98959 Nginx < 1.7.5 SSL Session Reuse
  • 98960 Nginx < 1.6.2 SSL Session Reuse
  • 98986 Magento Directory Listing
New
  • 114059 Pimcore Admin Login Cross-Site Scripting
  • 114064 MediaWiki Status Module Information Disclosure
WAS Plugin Feed 202310060725

Oct 6, 2023, 7:25 AM

Modified Detection
  • 112824 Atlassian Jira < 8.5.12 Cookie Without Secure Flag
  • 112825 Atlassian Jira 8.6.x < 8.13.4 Cookie Without Secure Flag
  • 112826 Atlassian Jira 8.14.x < 8.15.0 Cookie Without Secure Flag
  • 112929 Microsoft SharePoint Server 2019 < 16.0.10375.20000 Multiple Vulnerabilities
  • 112930 Microsoft SharePoint Server 2013 < 15.0.5353.1000 Multiple Vulnerabilities
  • 112931 Microsoft SharePoint Server 2016 < 16.0.5173.1000 Multiple Vulnerabilities
  • 113070 UAParser.js 0.7.29 Embedded Malware
  • 113072 UAParser.js 1.0.0 Embedded Malware
  • 113085 Microsoft SharePoint Server 2019 < 16.0.10379.20000 Multiple Vulnerabilities
  • 113086 Microsoft SharePoint Server 2016 < 16.0.5227.1000 Multiple Vulnerabilities
  • 113087 Microsoft SharePoint Server 2013 < 15.0.5389.1000 Multiple Vulnerabilities
  • 113115 Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113116 Adobe ColdFusion 2016 < 2016 Update 17 / 2018 < 2018 Update 11 / 2021 < 2021 Update 1 Cross-Site Scripting
  • 113247 Google Web Toolkit Detected
  • 113258 OpenAPI Permissive Input Validation
  • 113430 Disclosed European Personal Data Number
  • 113452 WordPress Plugins Detected
  • 113545 Apache 2.4.x < 2.4.55 Multiple Vulnerabilities
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 113838 WooCommerce Payments Plugin for WordPress 5.6.x < 5.6.2 Authentication Bypass
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114006 Web Cache Poisoning Denial of Service
  • 114007 PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114024 WP Data Access Plugin for WordPress < 5.3.8 Privilege Escalation
  • 114030 CraftCMS < 4.4.15 Remote Code Execution
  • 114031 WooCommerce Payments Plugin for WordPress 6.3.x < 6.3.2 Authentication Bypass
  • 114032 WooCommerce Payments Plugin for WordPress 6.2.x < 6.2.2 Authentication Bypass
  • 114033 WooCommerce Payments Plugin for WordPress 5.5.x < 5.5.2 Authentication Bypass
  • 114034 WooCommerce Payments Plugin for WordPress 5.4.x < 5.4.1 Authentication Bypass
  • 114035 WooCommerce Payments Plugin for WordPress 5.3.x < 5.3.1 Authentication Bypass
  • 114036 WooCommerce Payments Plugin for WordPress 5.2.x < 5.2.2 Authentication Bypass
  • 114037 WooCommerce Payments Plugin for WordPress 5.1.x < 5.1.3 Authentication Bypass
  • 114038 WooCommerce Payments Plugin for WordPress 5.0.x < 5.0.4 Authentication Bypass
  • 114039 WooCommerce Payments Plugin for WordPress 4.9.x < 4.9.1 Authentication Bypass
  • 114040 WooCommerce Payments Plugin for WordPress 4.8.x < 4.8.2 Authentication Bypass
  • 114044 Atlassian Confluence 7.13.15 < 7.13.19 Tomcat Dependancy Vulnerability
  • 114047 Drupal 10.1.x < 10.1.4 Cache Poisoning
  • 114048 Drupal 10.0.x < 10.0.11 Cache Poisoning
  • 114049 Drupal 8.7.x < 9.5.11 Cache Poisoning
  • 114055 Simple Membership Plugin For WordPress < 4.3.6 Reflected Cross-Site Scripting
  • 114056 Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057 Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058 Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 98070 Common Administration Interfaces Detection
  • 98084 Directory Listing
  • 98129 Credit Card Number Disclosure
  • 98212 WordPress Directory Listing
  • 98213 Drupal Directory Listing
  • 98214 Joomla! Directory Listing
  • 98784 WordPress 3.7.x < 3.7.32 Multiple Vulnerabilities
  • 98785 WordPress 3.8.x < 3.8.32 Multiple Vulnerabilities
  • 98786 WordPress 3.9.x < 3.9.30 Multiple Vulnerabilities
  • 98787 WordPress 4.0.x < 4.0.29 Multiple Vulnerabilities
  • 98788 WordPress 4.1.x < 4.1.29 Multiple Vulnerabilities
  • 98789 WordPress 4.2.x < 4.2.26 Multiple Vulnerabilities
  • 98790 WordPress 4.3.x < 4.3.22 Multiple Vulnerabilities
  • 98791 WordPress 4.4.x < 4.4.21 Multiple Vulnerabilities
  • 98792 WordPress 4.5.x < 4.5.20 Multiple Vulnerabilities
  • 98793 WordPress 4.6.x < 4.6.17 Multiple Vulnerabilities
  • 98794 WordPress 4.7.x < 4.7.16 Multiple Vulnerabilities
  • 98795 WordPress 4.8.x < 4.8.12 Multiple Vulnerabilities
  • 98796 WordPress 4.9.x < 4.9.13 Multiple Vulnerabilities
  • 98797 WordPress 5.0.x < 5.0.8 Multiple Vulnerabilities
  • 98798 WordPress 5.1.x < 5.1.4 Multiple Vulnerabilities
  • 98799 WordPress 5.2.x < 5.2.5 Multiple Vulnerabilities
  • 98885 WordPress 5.3.x < 5.3.1 Multiple Vulnerabilities
  • 98986 Magento Directory Listing
New
  • 113976 Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
  • 114041 Strapi Cognito Provider Authentication Bypass
  • 114042 Adobe ColdFusion Remote Code Execution
  • 114043 Adobe ColdFusion Improper Access Control
  • 114045 Atlassian Confluence 7.19.7 < 7.19.11 Tomcat Dependancy Vulnerabilty
  • 114046 Atlassian Confluence 8.1.1 < 8.4.1 Tomcat Dependancy Vulnerabilty
  • 114050 Simple Membership Plugin For WordPress < 4.1.0 Arbitary Transaction Deletion
  • 114051 Simple Membership Plugin For WordPress < 4.1.1 Reflected Cross-Site Scripting
  • 114052 Simple Membership Plugin For WordPress < 4.1.3 Multiple Vulnerabilities
  • 114053 Simple Membership Plugin For WordPress < 4.2.2 Authenticated Cross-Site Scripting
  • 114054 Simple Membership Plugin For WordPress < 4.3.5 Multiple Vulnerabilities
WAS Plugin Feed 202309200615

Sep 20, 2023, 6:15 AM

Modified Detection
  • 113580 Web Cache Deception
  • 113855 GiveWP Plugin for WordPress < 2.24.1 SQL Injection
  • 114006 Web Cache Poisoning Denial of Service
  • 114013 Download Manager Plugin for WordPress < 3.2.34 Multiple Vulnerabilities
  • 114014 Easy WP SMTP Plugin for WordPress < 1.5.2 Multiple Vulnerabilities
  • 114015 Events Manager Plugin for WordPress < 5.9.6 Stored Cross-Site Scripting
  • 114016 Events Manager Plugin for WordPress < 5.9.5 Stored Cross-Site Scripting
  • 114017 Everest Forms Plugin for WordPress < 1.8.0 Reflected Cross-Site Scripting
  • 114018 GiveWP Plugin for WordPress < 2.3.1 Cross-Site Scripting
  • 114019 WPBrigade LoginPress Plugin for WordPress < 1.6.3 Broken Access Control
  • 114020 WPBrigade LoginPress Plugin for WordPress < 1.5.12 Reflected Cross-Site Scripting
  • 114021 Ocean Extra Plugin for WordPress < 2.6.5 Insecure Deserialization
  • 114022 WooCommerce PDF Invoices & Packing Slips Plugin for WordPress < 3.0.1 Reflected Cross-Site Scripting
  • 114023 WooCommerce PDF Invoices & Packing Slips Plugin for WordPress < 2.10.5 Reflected Cross-Site Scripting
  • 114024 WP Data Access Plugin for WordPress < 5.3.8 Privilege Escalation
  • 114025 WP EasyCart Plugin for WordPress < 5.4.3 Local File Inclusions
  • 114026 WP EasyCart Plugin for WordPress < 2.0.6 Sensitive Information Disclosure
  • 114027 WP Fastest Cache Plugin for WordPress < 1.1.3
  • 114028 Backup and Staging by WP Time Capsule Plugin for WordPress < 1.21.16 Authentication Bypass
  • 114030 CraftCMS < 4.4.15 Remote Code Execution
  • 98070 Common Administration Interfaces Detection
  • 98129 Credit Card Number Disclosure
New
WAS Plugin Feed 202309110655

Sep 11, 2023, 6:55 AM

Modified Detection
  • 114012 Prometheus Sensitive Endpoint Detected
WAS Plugin Feed 202309060822

Sep 6, 2023, 8:22 AM

Modified Detection
  • 112805 JSONP Injection
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007 PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114008 Apache Tomcat 11.0.0-M1 < 11.0.0-M11 Open Redirect
  • 114009 Apache Tomcat 10.1.0-M1 < 10.1.13 Open Redirect
  • 114010 Apache Tomcat 9.0.0-M1 < 9.0.80 Open Redirect
  • 114011 Apache Tomcat 8.5.x < 8.5.93 Open Redirect
  • 98115 SQL Injection
WAS Plugin Feed 202308300900

Aug 30, 2023, 9:00 AM

Modified Detection
  • 113162 MySQLjs SQL Injection Authentication Bypass
  • 113337 NoSQL Injection Authentication Bypass
  • 114006 Web Cache Poisoning Denial of Service
WAS Plugin Feed 202308290659

Aug 29, 2023, 6:59 AM

Modified Detection
  • 112615 OpenAPI File Detected
  • 112686 JSON Web Token Detected
  • 112703 JSON Web Token None Hashing Algorithm
  • 112808 Rails Mass Assignment
  • 98103 Unvalidated DOM redirect
  • 98109 DOM-based Cross-Site Scripting (XSS)
  • 98110 DOM-based Cross-Site Scripting (XSS) in attribute context
  • 98117 Blind SQL Injection (differential analysis)
  • 98119 Blind NoSQL Injection (differential analysis)
New
  • 113978 ActivityPub Username Enumeration
WAS Plugin Feed 202308091456

Aug 9, 2023, 2:56 PM

Modified Detection
  • 112439 Server-Side Request Forgery
  • 113338 Web Cache Poisoning
  • 113634 Server-Side Inclusion Injection
  • 113964 PHP 8.2.x < 8.2.7 Information Disclosure
  • 113965 PHP 8.1.x < 8.1.20 Information Disclosure
  • 113966 PHP 8.0.x < 8.0.29 Information Disclosure
  • 113986 Ninja Forms Plugin for WordPress < 3.6.26 Multiple Vulnerabilities
  • 113987 PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988 PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 113989 MediaWiki < 1.38.2 Unlimited Lexeme Length Denial Of Service
  • 113990 MediaWiki < 1.35.5 Multiple Vulnerabilities
  • 113991 MediaWiki 1.36.x < 1.36.3 Multiple Vulnerabilities
  • 113992 MediaWiki 1.37.x < 1.37.1 Multiple Vulnerabilities
  • 113993 MediaWiki < 1.37.0 Multiple Vulnerabilities
  • 113994 MediaWiki < 1.36.0 Invalid MediaWiki Abusefilter-blocker Breaks Filters
  • 113995 MediaWiki < 1.35.2 Oauth Overlength Rsa Key
  • 113996 MediaWiki < 1.37.3 Multiple Vulnerabilities
  • 113997 MediaWiki < 1.31.12 Special Contributions Hidden User Leakage
  • 113998 MediaWiki 1.32.x < 1.35.2 Special Contributions Hidden User Leakage
  • 113999 MediaWiki < 1.35.0 Multiple Vulnerabilities
  • 114000 MediaWiki < 1.23.16 Wiki Visitor IP Leakage
  • 114001 MediaWiki 1.24.x < 1.27.2 Wiki Visitor IP Leakage
  • 114002 MediaWiki 1.28.x < 1.28.1 Wiki Visitor IP Leakage
  • 114003 MediaWiki < 1.17.2 Deleted Text Exposure
  • 114004 MediaWiki 1.18.x < 1.18.1 Deleted Text Exposure
  • 98100 Path Traversal
  • 98116 NoSQL Injection
  • 98123 Operating System Command Injection
  • 98125 Local File Inclusion
  • 98127 LDAP Injection
  • 98779 Source Code Passive Disclosure
New
  • 114005 AYS Popup Box Plugin for WordPress < 3.1.3 Cross-Site Scripting
WAS Plugin Feed 202308020802

Aug 2, 2023, 8:02 AM

Modified Detection
  • 113115 Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113979 Atlassian Confluence < 7.13.17 Read Only User Attachment Uploads Service
  • 113980 Atlassian Confluence 7.14.x < 7.19.9 Read Only User Attachment Uploads
  • 113981 Atlassian Confluence 7.20.x < 8.2.2 Read Only User Attachment Uploads
  • 113982 Atlassian Confluence 8.x < 8.3.2 Remote Code Execution
  • 113983 Atlassian Confluence 6.1.x < 7.13.20 Remote Code Execution
  • 113984 Atlassian Confluence 7.14.0 < 7.19.8 < Remote Code Execution
  • 113985 Atlassian Confluence 8.x < 8.2.0 Remote Code Execution
New
  • 113976 Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
WAS Plugin Feed 202307311300

Jul 31, 2023, 1:00 PM

Modified Detection
  • 112550 Full Path Disclosure
  • 112614 Server-Side Template Injection
  • 98779 Source Code Passive Disclosure
New
  • 113976 Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
WAS Plugin Feed 202307240920

Jul 24, 2023, 9:20 AM

Modified Detection
  • 113075 Apache Log4j Remote Code Execution (Log4Shell)
  • 113115 Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113335 DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113550 Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113971 Citrix Gateway / ADC Cross-Site Scripting
  • 98008 Web Application Firewall Detected
  • 98060 Missing 'X-Frame-Options' Header
  • 98072 Common Directories Detection
  • 98611 Error Message
  • 98612 Missing 'Expect-CT' Header (deprecated)
  • 98779 Source Code Passive Disclosure
  • 98828 PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
New
  • 113972 OpenID Connect Anonymous Account
  • 113973 Web Services Description Language (WSDL) File Detected
  • 113974 Web Application Description Language (WADL) File Detected
  • 113975 PHP Debug Bar Enabled
  • 113977 Odoo < 16.2022.12.24 Cross-Site Scripting
WAS Plugin Feed 202307130817

Jul 13, 2023, 8:17 AM

Modified Detection
  • 112540 SSL/TLS Certificate RSA Keys Less Than 2048 bits
  • 113075 Apache Log4j Remote Code Execution (Log4Shell)
  • 113335 DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113422 DotNetNuke Administration Panel Login Form Detected
  • 113449 WordPress Cron Enabled
  • 113716 Atlassian Jira < 3.13.2 WebWork 1 Parameter Injection Hole
  • 113904 Sitecore Unauthenticated User Enumeration
  • 113905 Sitecore Unauthenticated Arbitrary File Read
  • 113960 Apache Tomcat 11.0.0-M5 Information Disclosure
  • 113961 Apache Tomcat 10.1.8 Information Disclosure
  • 113962 Apache Tomcat 9.0.74 Information Disclosure
  • 113963 Apache Tomcat 8.5.88 Information Disclosure
  • 113971 Citrix Gateway / ADC Cross-Site Scripting
  • 98054 Unvalidated Redirection
  • 98126 Remote File Inclusion
  • 98649 Invalid Subresource Integrity
  • 98681 Sitemap.xml File Detected
WAS Plugin Feed 202307060627

Jul 6, 2023, 6:27 AM

Modified Detection
  • 112719 Client-Side Prototype Pollution
  • 113069 SQL Injection Authentication Bypass
  • 113162 MySQLjs SQL Injection Authentication Bypass
  • 113309 XPath Injection Authentication Bypass
  • 113317 Expression Language Injection
  • 113331 LDAP Injection Authentication Bypass
  • 113337 NoSQL Injection Authentication Bypass
  • 113903 Adobe ColdFusion ComponentFilter Remote Code Execution
  • 98042 Login Form Bruteforced
  • 98109 DOM-based Cross-Site Scripting (XSS)
  • 98139 Cookie Authentication Succeeded
  • 98681 Sitemap.xml File Detected
New
  • 113969 Social Login and Register for WordPress < 7.6.5 Authentication Bypass
  • 113970 Nuxt.js 3.4.x < 3.4.3 Remote Code Execution