Security Vulnerabilities - CVEs Published In August 2019
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2019-08-22

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2019-08-22

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2019-08-22

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-22

The cforms2 plugin before 10.2 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-08-22

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-22

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-08-22

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-08-22

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2019-08-22

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVSS Score: 7.5 | EPSS Score: 0.032 | Published: 2019-08-22

