Security Vulnerabilities
- CVEs Published In August 2019
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, leaving it exposed to the internet (unless filtered by a firewall or reconfigured to listen on 127.0.0.1 only).
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.