|
223111
|
4.9 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
|
CWE-22
Path Traversal
|
CVE-2019-14798
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223112
|
5.4 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14797
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223113
|
5.4 |
MEDIUM
Network
|
mq-woocommerce-products-price-bulk-edit_project
|
mq-woocommerce-products-price-bulk-edit
|
The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_lim…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14796
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223114
|
7.5 |
HIGH
Network
|
metabox
|
meta_box
|
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
|
CWE-19
Data Processing Errors
|
CVE-2019-14794
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223115
|
6.1 |
MEDIUM
Network
|
codepeople
|
appointment_booking_calendar
|
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14791
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223116
|
6.1 |
MEDIUM
Network
|
foliovision
|
fv_flowplayer_video_player
|
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14799
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223117
|
6.5 |
MEDIUM
Network
|
metabox
|
meta_box
|
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.
|
CWE-862
Missing Authorization
|
CVE-2019-14793
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223118
|
5.4 |
MEDIUM
Network
|
codecabin
|
wp_go_maps
|
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14792
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223119
|
5.4 |
MEDIUM
Network
|
tribulant
|
newsletters
|
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14787
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223120
|
5.4 |
MEDIUM
Network
|
codepeople
|
cp_contact_form_with_paypal
|
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14785
|
2024-11-21 13:27 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
