Skip to main content
CVE-2019-15826 CRITICAL POC Act Now

The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP WordPress Wps Hide Login
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-15825 CRITICAL POC Act Now

The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wps Hide Login
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-15824 CRITICAL POC Act Now

The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wps Hide Login
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-15823 CRITICAL POC Act Now

The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wps Hide Login
NVD
CVSS 3.0
9.8
EPSS
8.6%
CVE-2019-15819 CRITICAL POC Act Now

The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Restaurant Reservations
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-15832 HIGH POC This Week

The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visitor Traffic Real Time Statistics
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-15828 HIGH POC This Week

The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF One Click Ssl
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-15816 HIGH POC This Week

The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Private Content Plus
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-5611 HIGH POC PATCH This Week

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-15820 MEDIUM POC This Month

The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Login Or Logout Menu Item
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-15818 MEDIUM POC This Month

The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Simple 301 Redirects
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-15822 CRITICAL Act Now

The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal WordPress Wps Child Theme Generator
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-5608 CRITICAL PATCH Act Now

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freebsd Clustered Data Ontap
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-15837 MEDIUM POC This Month

The webp-express plugin before 0.14.8 for WordPress has stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Webp Express
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-15827 MEDIUM POC This Month

The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Onesignal Free Web Push Notifications
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-15841 HIGH This Week

The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Facebook For Woocommerce
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15840 HIGH This Week

The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Facebook For Woocommerce
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15835 HIGH PATCH This Week

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Better Permalinks
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15834 HIGH PATCH This Week

The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Webp Converter For Media
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15831 HIGH This Week

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Visitor Traffic Real Time Statistics
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15829 MEDIUM POC This Month

The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress PHP Gallery Photoblocks
NVD
CVSS 3.0
4.8
EPSS
1.3%
CVE-2019-13526 HIGH This Week

Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Av7000 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2019-12810 HIGH This Week

A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Alsee
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-2390 HIGH This Week

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection OpenSSL Microsoft RCE MongoDB
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1966 HIGH This Week

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os Unified Computing System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15839 HIGH This Week

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Sina Extension For Elementor
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-15630 HIGH This Week

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Api Gateway Mule Runtime
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-15026 HIGH PATCH This Week

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Memcached
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-15821 HIGH This Week

The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Bold Page Builder
NVD
CVSS 3.0
7.5
EPSS
11.0%
CVE-2019-6113 HIGH This Week

Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tx Nr686 Firmware
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-5612 HIGH This Week

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-5610 HIGH PATCH This Week

In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-5609 HIGH PATCH This Week

In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freebsd
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-1977 HIGH This Week

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1968 HIGH This Week

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-1967 HIGH This Week

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12402 HIGH PATCH This Week

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Commons Compress Fedora Banking Payments +16
NVD
CVSS 3.1
7.5
EPSS
16.2%
CVE-2019-9697 MEDIUM This Month

An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Management Center
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-15842 MEDIUM This Month

The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Pdf Restaurant Menu Upload
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15838 MEDIUM This Month

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Custom 404 Pro
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15833 MEDIUM This Month

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Simple Mail Address Encoder
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-15817 MEDIUM This Month

The easy-property-listings plugin before 3.4 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Property Listings
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15836 MEDIUM PATCH This Month

The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Ultimate Recipe
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-15830 MEDIUM This Month

The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Icegram Engage
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-1969 MEDIUM This Month

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-12753 MEDIUM This Month

An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Reporter
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2019-12754 MEDIUM This Month

Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vip
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-11658 MEDIUM This Month

Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Content Manager
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-2389 MEDIUM PATCH This Month

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure MongoDB
NVD
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy