Security Vulnerabilities - CVEs Published In August 2019
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.