Security Vulnerabilities - CVEs Published In August 2019
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-20
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-08-20
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-20
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-20
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-20
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-08-20
The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-20
The wp-all-import plugin before 3.4.6 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-20
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-08-20
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-20