Skip to main content
CVE-2019-15820 MEDIUM POC This Month

The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Login Or Logout Menu Item
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-15818 MEDIUM POC This Month

The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Simple 301 Redirects
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-15837 MEDIUM POC This Month

The webp-express plugin before 0.14.8 for WordPress has stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Webp Express
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-15827 MEDIUM POC This Month

The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Onesignal Free Web Push Notifications
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-15829 MEDIUM POC This Month

The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress PHP Gallery Photoblocks
NVD
CVSS 3.0
4.8
EPSS
1.3%
CVE-2019-9697 MEDIUM This Month

An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Management Center
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-15842 MEDIUM This Month

The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Pdf Restaurant Menu Upload
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15838 MEDIUM This Month

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Custom 404 Pro
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15833 MEDIUM This Month

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Simple Mail Address Encoder
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-15817 MEDIUM This Month

The easy-property-listings plugin before 3.4 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Property Listings
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15836 MEDIUM PATCH This Month

The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Ultimate Recipe
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-15830 MEDIUM This Month

The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Icegram Engage
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-1969 MEDIUM This Month

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-12753 MEDIUM This Month

An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Reporter
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2019-12754 MEDIUM This Month

Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vip
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-11658 MEDIUM This Month

Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Content Manager
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-2389 MEDIUM PATCH This Month

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure MongoDB
NVD
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy