Security Vulnerabilities - CVEs Published In August 2019
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-29
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-29
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-29
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-29
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-08-29
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-29
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-29
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-29
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-08-29
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-29