Security Vulnerabilities
- CVEs Published In August 2019
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the URL, thereby resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.