Monthly Archive: August 2019

The photo-gallery plugin before 1.2.42 for WordPress has CSRF. Date published : 2019-08-30 Photo Gallery by 10Web – Mobile-Friendly Image Gallery https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user...

Incorrect scoping of kill operations in MongoDB Server’s packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the...

The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. Date published : 2019-08-30 Easy restaurant menu upload

The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. Date published : 2019-08-30 Facebook for WooCommerce

The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. Date published : 2019-08-30 Facebook for WooCommerce

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. Date published : 2019-08-30 Sina Extension for Elementor https://wpvulndb.com/vulnerabilities/9368

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. Date published : 2019-08-30 Custom 404 Pro https://wpvulndb.com/vulnerabilities/9857

The webp-express plugin before 0.14.8 for WordPress has stored XSS. Date published : 2019-08-30 WebP Express https://wpvulndb.com/vulnerabilities/9389

The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. Date published : 2019-08-30 https://wordpress.org/plugins/wp-ultimate-recipe/#developers https://wpvulndb.com/vulnerabilities/9394

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. Date published : 2019-08-30 WP Better Permalinks https://wpvulndb.com/vulnerabilities/9398

The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. Date published : 2019-08-30 WebP Converter for Media – Convert WebP and AVIF & Optimize Images https://wpvulndb.com/vulnerabilities/9400

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. Date published : 2019-08-30 https://wordpress.org/plugins/simple-mail-address-encoder/#developers https://wpvulndb.com/vulnerabilities/9418

The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. Date published : 2019-08-30 Visitor Traffic Real Time Statistics https://wpvulndb.com/vulnerabilities/9420