Security Vulnerabilities - CVEs Published In October 2019
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-10-10
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-10-10
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-10-10
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-10-10
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
CVSS Score
7.2
EPSS Score
0.006
Published
2019-10-10
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-10
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2019-10-10
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
CVSS Score
7.2
EPSS Score
0.008
Published
2019-10-10
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
CVSS Score
7.2
EPSS Score
0.007
Published
2019-10-10
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
CVSS Score
7.5
EPSS Score
0.06
Published
2019-10-10