CVE-2019-15317
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
Source: CVE-2019-15317
[월:] 2019년 08월
CVE-2019-15314
CVE-2019-15314
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
Source: CVE-2019-15314
CVE-2019-14511
CVE-2019-14511
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).
Source: CVE-2019-14511
CVE-2016-10921
CVE-2016-10921
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
Source: CVE-2016-10921
CVE-2018-20981
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Source: CVE-2018-20981
CVE-2018-20982
CVE-2018-20982
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.
Source: CVE-2018-20982
CVE-2018-20980
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
Source: CVE-2018-20980
CVE-2017-18572
CVE-2017-18573
CVE-2017-18573
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
Source: CVE-2017-18573
CVE-2017-18570
CVE-2017-18570
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
Source: CVE-2017-18570