Security Vulnerabilities - CVEs Published In August 2019
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-08-09

studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-08-09

The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-09

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2019-08-09

The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-08-09

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2019-08-09

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
CVSS Score: 4.9 | EPSS Score: 0.007 | Published: 2019-08-09

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-08-09

studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2019-08-09

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-08-09



Shodan ® - All rights reserved