Security Vulnerabilities - CVEs Published In January 2018
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-01-13
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2018-01-13
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-01-13
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-01-13
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-01-13
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-01-13
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-01-13
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-01-13
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-01-13
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-01-13

