CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.
Source: CVE-2019-15659
[월:] 2019년 08월
CVE-2019-15648
CVE-2019-15648
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber.
Source: CVE-2019-15648
CVE-2019-13235
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
Source: CVE-2019-13235
CVE-2018-21005
CVE-2018-21005
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.
Source: CVE-2018-21005
CVE-2019-15643
CVE-2018-21004
CVE-2018-21004
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
Source: CVE-2018-21004
CVE-2018-21003
CVE-2018-21003
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
Source: CVE-2018-21003
CVE-2019-13237
CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
Source: CVE-2019-13237
CVE-2019-15644
CVE-2019-15644
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
Source: CVE-2019-15644
CVE-2019-15647
CVE-2019-15647
The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.
Source: CVE-2019-15647