Security Vulnerabilities - CVEs Published In September 2019
The quotes-and-tips plugin before 1.20 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-20
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-20
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-20
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-09-20
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-20
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-20
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-20
An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.
CVSS Score
7.2
EPSS Score
0.031
Published
2019-09-20
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-09-20
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-09-20