Security Vulnerabilities - CVEs Published In September 2019
The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-09-17
The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.
CVSS Score
6.1
EPSS Score
0.012
Published
2019-09-17
The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-09-17
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-17
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
CVSS Score
5.4
EPSS Score
0.015
Published
2019-09-17
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-09-17
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-17
The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.
CVSS Score
6.1
EPSS Score
0.007
Published
2019-09-17
The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-09-17
The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-09-17