CVE-2019-14789
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.
Source: CVE-2019-14789
[월:] 2019년 08월
CVE-2019-14788
CVE-2019-14788
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
Source: CVE-2019-14788
CVE-2019-14786
CVE-2019-14786
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
Source: CVE-2019-14786
CVE-2019-14784
CVE-2019-14784
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.
Source: CVE-2019-14784
CVE-2019-14518
CVE-2019-14518
** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel."
Source: CVE-2019-14518
CVE-2019-13578
CVE-2019-13578
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
Source: CVE-2019-13578
CVE-2019-3418
CVE-2019-3418
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.
Source: CVE-2019-3418
CVE-2019-3417
CVE-2019-3417
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.
Source: CVE-2019-3417
CVE-2019-15081
CVE-2019-15081
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
Source: CVE-2019-15081
CVE-2019-14800
CVE-2019-14800
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.
Source: CVE-2019-14800