Security Vulnerabilities - CVEs Published In August 2019
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-08-28
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-08-28
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-08-28
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2019-08-28
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-28
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-08-28
The my-calendar plugin before 3.1.10 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.047 | Published: 2019-08-28
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2019-08-28
The gigpress plugin before 2.3.11 for WordPress has XSS.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-08-28
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-08-28

