Security Vulnerabilities - CVEs Published In August 2019
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-08-30
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-08-30
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-08-30
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-30
The easy-property-listings plugin before 3.4 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-30
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-30
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.
CVSS Score
9.8
EPSS Score
0.013
Published
2019-08-30
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-30
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-30
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.
CVSS Score
9.8
EPSS Score
0.018
Published
2019-08-30