Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-15842 |
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15841 |
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15840 |
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15839 |
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-15838 |
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15837 |
The webp-express plugin before 0.14.8 for WordPress has stored XSS. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15836 |
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15835 |
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15834 |
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15630 |
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. Published: August 30, 2019; 1:15:11 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-12810 |
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. Published: August 30, 2019; 1:15:11 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-2390 |
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22. Published: August 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-2389 |
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. Published: August 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 4.2 MEDIUM V2.0: 1.9 LOW |
CVE-2019-15026 |
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Published: August 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-15833 |
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. Published: August 30, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15832 |
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. Published: August 30, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15831 |
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. Published: August 30, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15830 |
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. Published: August 30, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15829 |
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. Published: August 30, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15828 |
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. Published: August 30, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |