Security Vulnerabilities - CVEs Published In September 2019
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2019-09-20

The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-09-20

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-20

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-09-20

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2019-09-20

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.
CVSS Score: 6.1
EPSS Score: 0.009
Published: 2019-09-20

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2019-09-20

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2019-09-20

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-20

The relevant plugin before 1.0.8 for WordPress has XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-20