Security Vulnerabilities - CVEs Published In August 2019
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-30
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-08-30
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-30
The webp-express plugin before 0.14.8 for WordPress has stored XSS.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-08-30
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-30
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.
CVSS Score
7.5
EPSS Score
0.008
Published
2019-08-30
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-30
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-30
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-30
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-30
Page 1