Security Vulnerabilities - CVEs Published In August 2019
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2019-08-22
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2019-08-22
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2019-08-22
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-22
The corner-ad plugin before 1.0.8 for WordPress has XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-22
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.
CVSS Score: 8.1
EPSS Score: 0.005
Published: 2019-08-22
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-08-22
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
CVSS Score: 9.8
EPSS Score: 0.011
Published: 2019-08-22
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2019-08-22
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2019-08-22



Shodan ® - All rights reserved