Security Vulnerabilities - CVEs Published In August 2019
The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-08-22
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2019-08-22
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2019-08-22
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2019-08-22
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2019-08-22
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2019-08-22
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2019-08-22
The gnucommerce plugin before 1.4.2 for WordPress has XSS.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-08-22
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2019-08-22
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-08-22

