This page collects WhisperX intelligence signals tagged #plugin. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A widely used plugin has been flagged for bundling a critically vulnerable version of the pdf.js library, exposing installations to a high-severity cross-site scripting (XSS) attack vector. The vulnerability, tracked as CVE-2024-4367, is present in the plugin's version 0.16.0 and was detected by security scanning tools...
A vulnerability in the WordPress plugin Notice Tracker creates a mechanism by which stored cross-site scripting (XSS) vulnerabilities in other installed plugins can be amplified into persistent attacks affecting an entire WordPress installation. The flaw, documented as CVE candidates under CWE-79, centers on unescaped ...
Checkmarx has confirmed that a malicious version of its Jenkins Application Security Testing (AST) plugin was published on the official Jenkins Marketplace, exposing software developers who downloaded the rogue package to infostealer malware. The company issued a warning over the weekend after identifying the fraudulen...