Security Vulnerabilities - CVEs Published In September 2019
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-09-26
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.
CVSS Score
4.6
EPSS Score
0.002
Published
2019-09-26
The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-26
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-26
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-26
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-09-26
The Postmatic plugin before 1.4.6 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-26
The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-09-26
The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-26
The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-09-26