Weekly Updates: a new vulnerability is published on the National Vulnerability Database (32 items)

New vulnerabilities from the NVD: CVE-2014-10381 The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. Published at: August 20, 2019 at 06:15PM View on website August 20, 2019 at 08:29PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7476 (simple_fields) The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. Published at: August 14, 2019 at 07:15PM View on website August 20, 2019 at 08:29PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2011-5328 The user-access-manager plugin before 1.2 for WordPress has CSRF. Published at: August 20, 2019 at 06:15PM View on website August 20, 2019 at 08:29PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9321 The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg. Published at: August 21, 2019 at 03:15PM View on website August 21, 2019 at 07:44PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10380 The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. Published at: August 21, 2019 at 09:15PM View on website August 21, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10379 The duplicate-post plugin before 2.6 for WordPress has SQL injection. Published at: August 21, 2019 at 10:15PM View on website August 21, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10378 The duplicate-post plugin before 2.6 for WordPress has XSS. Published at: August 21, 2019 at 10:15PM View on website August 21, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10377 The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. Published at: August 21, 2019 at 10:15PM View on website August 21, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2012-6715 The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. Published at: August 21, 2019 at 09:15PM View on website August 21, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2012-6714 The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. Published at: August 21, 2019 at 10:15PM View on website August 21, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7481 The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. Published at: August 22, 2019 at 04:15PM View on website August 22, 2019 at 05:31PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7480 The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. Published at: August 22, 2019 at 04:15PM View on website August 22, 2019 at 05:31PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7479 The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. Published at: August 22, 2019 at 04:15PM View on website August 22, 2019 at 05:31PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7478 The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. Published at: August 22, 2019 at 04:15PM View on website August 22, 2019 at 05:31PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7477 The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. Published at: August 22, 2019 at 04:15PM View on website August 22, 2019 at 05:31PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2012-6716 The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. Published at: August 22, 2019 at 04:15PM View on website August 22, 2019 at 05:31PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2009-5158 The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. Published at: August 22, 2019 at 04:15PM View on website August 22, 2019 at 05:31PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10385 The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. Published at: August 22, 2019 at 05:15PM View on website August 22, 2019 at 07:44PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10384 The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. Published at: August 22, 2019 at 05:15PM View on website August 22, 2019 at 07:44PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10383 The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. Published at: August 22, 2019 at 05:15PM View on website August 22, 2019 at 07:44PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7482 The reflex-gallery plugin before 1.4.3 for WordPress has XSS. Published at: August 22, 2019 at 05:15PM View on website August 22, 2019 at 07:44PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2008-7321 The tubepress plugin before 1.6.5 for WordPress has XSS. Published at: August 22, 2019 at 05:15PM View on website August 22, 2019 at 07:44PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10394 The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. Published at: August 22, 2019 at 10:15PM View on website August 22, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10392 The cforms2 plugin before 10.2 for WordPress has XSS. Published at: August 22, 2019 at 10:15PM View on website August 22, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10391 The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. Published at: August 22, 2019 at 10:15PM View on website August 22, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10390 The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. Published at: August 22, 2019 at 10:15PM View on website August 22, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10389 The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. Published at: August 22, 2019 at 10:15PM View on website August 22, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10388 The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. Published at: August 22, 2019 at 10:15PM View on website August 22, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10387 The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. Published at: August 22, 2019 at 10:15PM View on website August 22, 2019 at 11:43PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10386 The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. Published at: August 22, 2019 at 11:15PM View on website August 23, 2019 at 01:31AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10382 The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. Published at: August 22, 2019 at 11:15PM View on website August 23, 2019 at 01:31AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7483 The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. Published at: August 22, 2019 at 11:15PM View on website August 23, 2019 at 01:31AM via National Vulnerability Database