Weekly Updates: a new vulnerability is published on the National Vulnerability Database (30 items)

New vulnerabilities from the NVD: CVE-2015-9306 The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. Published at: August 12, 2019 at 06:15PM View on website August 12, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9305 The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions. Published at: August 12, 2019 at 06:15PM View on website August 12, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9304 The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. Published at: August 12, 2019 at 07:15PM View on website August 12, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9303 The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. Published at: August 12, 2019 at 07:15PM View on website August 12, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9302 The simple-fields plugin before 1.4.11 for WordPress has XSS. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9301 The liveforms plugin before 3.2.0 for WordPress has SQL injection. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9300 The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9299 The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9298 The events-manager plugin before 5.6 for WordPress has code injection. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9297 The events-manager plugin before 5.6 for WordPress has XSS. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9296 The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9295 The contact-form-plugin plugin before 3.96 for WordPress has XSS. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9294 The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9293 The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7475 The contact-form-plugin plugin before 3.52 for WordPress has XSS. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2012-6713 The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. Published at: August 13, 2019 at 08:15PM View on website August 13, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10375 handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. Published at: August 14, 2019 at 08:15AM View on website August 14, 2019 at 03:03PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9316 The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. Published at: August 14, 2019 at 06:15PM View on website August 14, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9315 The newstatpress plugin before 1.0.1 for WordPress has SQL injection. Published at: August 14, 2019 at 06:15PM View on website August 14, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9314 The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. Published at: August 14, 2019 at 06:15PM View on website August 14, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9313 The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. Published at: August 14, 2019 at 06:15PM View on website August 14, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9312 The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. Published at: August 14, 2019 at 06:15PM View on website August 14, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9311 The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. Published at: August 14, 2019 at 06:15PM View on website August 14, 2019 at 09:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9310 The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. Published at: August 14, 2019 at 07:15PM View on website August 14, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9309 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. Published at: August 14, 2019 at 07:15PM View on website August 14, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9308 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. Published at: August 14, 2019 at 07:15PM View on website August 14, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9307 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. Published at: August 14, 2019 at 07:15PM View on website August 14, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-7476 The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. Published at: August 14, 2019 at 07:15PM View on website August 14, 2019 at 11:02PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-9292 (6kbbs) 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). Published at: August 09, 2019 at 12:15AM View on website August 15, 2019 at 07:59PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-10376 The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. Published at: August 17, 2019 at 12:15AM View on website August 17, 2019 at 01:46AM via National Vulnerability Database