Security Vulnerabilities - CVEs Published In September 2019
The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-26
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-26
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-09-26
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-26
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2019-09-26
The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-26
The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-26
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-26
The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-26
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-09-26