CVE-2019-15833
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.
Source: CVE-2019-15833
[월:] 2019년 08월
CVE-2019-15831
CVE-2019-15831
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
Source: CVE-2019-15831
CVE-2019-15832
CVE-2019-15832
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
Source: CVE-2019-15832
CVE-2019-15830
CVE-2019-15830
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.
Source: CVE-2019-15830
CVE-2019-15829
CVE-2019-15829
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.
Source: CVE-2019-15829
CVE-2019-15828
CVE-2019-15827
CVE-2019-15827
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.
Source: CVE-2019-15827
CVE-2019-15826
CVE-2019-15826
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Source: CVE-2019-15826
CVE-2019-15823
CVE-2019-15823
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Source: CVE-2019-15823
CVE-2019-15816
CVE-2019-15816
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.
Source: CVE-2019-15816