Security Vulnerabilities - CVEs Published In September 2019
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-09-13
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-09-13
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
CVSS Score
7.2
EPSS Score
0.007
Published
2019-09-13
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-13
The Headway theme before 3.8.9 for WordPress has XSS via the license key field.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-13
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
CVSS Score
7.2
EPSS Score
0.006
Published
2019-09-13
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-09-13
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-09-13
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-09-13
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-09-13