CVE-2019-25139
The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to...
CVE-2019-25140
The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and...
CVE-2019-25141
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability...
CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is...
CVE-2019-25143
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions...
CVE-2019-25144
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This...
CVE-2019-25145
The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and...
CVE-2016-15033
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file...
CVE-2019-25138
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions...
DSA-5419 c-ares – security update
Two vunerabilities were discovered in c-ares, an asynchronous name resolver library: Read More