Security Vulnerabilities - CVEs Published In August 2019
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2019-08-27
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.
CVSS Score: 9.8
EPSS Score: 0.324
Published: 2019-08-27
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2019-08-27
The wp-polls plugin before 2.72 for WordPress has SQL injection.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2019-08-27
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-27
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-27
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2019-08-27
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2019-08-27
The wp-members plugin before 3.2.8 for WordPress has CSRF.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2019-08-27
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2019-08-27

