Security Vulnerabilities, CVEs, Published In August 2019 CVSS score >= 3
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-08-30
Updated
2019-09-03
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-08-30
Updated
2019-09-03
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-08-30
Updated
2019-09-03
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.
Max CVSS
7.5
EPSS Score
0.19%
Published
2019-08-30
Updated
2020-08-24
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-08-30
Updated
2023-08-30
The webp-express plugin before 0.14.8 for WordPress has stored XSS.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-08-30
Updated
2019-09-03
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-08-30
Updated
2019-09-04
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-08-30
Updated
2019-09-04
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-08-30
Updated
2019-09-04
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.
Max CVSS
6.1
EPSS Score
0.07%
Published
2019-08-30
Updated
2023-01-30
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-08-30
Updated
2019-09-03
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-08-30
Updated
2019-09-03
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-08-30
Updated
2024-01-10
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.
Max CVSS
4.8
EPSS Score
0.15%
Published
2019-08-30
Updated
2019-09-03
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
Max CVSS
8.8
EPSS Score
0.15%
Published
2019-08-30
Updated
2019-09-05
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-08-30
Updated
2019-09-03
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Max CVSS
9.8
EPSS Score
0.70%
Published
2019-08-30
Updated
2020-08-24
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Max CVSS
9.8
EPSS Score
0.70%
Published
2019-08-30
Updated
2020-08-24
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Max CVSS
9.8
EPSS Score
0.70%
Published
2019-08-30
Updated
2020-08-24
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Max CVSS
9.8
EPSS Score
0.70%
Published
2019-08-30
Updated
2020-08-24
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.
Max CVSS
9.8
EPSS Score
0.27%
Published
2019-08-30
Updated
2019-09-03
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.
Max CVSS
7.5
EPSS Score
0.10%
Published
2019-08-30
Updated
2020-08-24
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-08-30
Updated
2019-09-04
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.
Max CVSS
9.8
EPSS Score
0.70%
Published
2019-08-30
Updated
2020-08-24
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-08-30
Updated
2019-09-05