Security Vulnerabilities - CVEs Published In August 2019
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-22

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-08-22

The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-22

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2019-08-22

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2019-08-22

The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-08-22

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2019-08-22

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-08-22

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVSS Score: 8.8 | EPSS Score: 0.031 | Published: 2019-08-22

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-08-22