Security Vulnerabilities - CVEs Published In September 2019
The avada theme before 5.1.5 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-10
The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-10
The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-10
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-10
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-10
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-10
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-09-10
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-09-10
The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-10
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-09-10