Serhyo
February 27, 2019, 12:57pm
181
2019.02.27
XSS vulnerability in spam-byebye 2.2.1 plugin for WordPress (CVE-2018-16206)
XSS and Directory Traversal vulnerability in Media File Manager plugin 1.4.2 for WordPress (CVE-2018-19040, CVE-2018-19041, CVE-2018-19042, CVE-2018-19043)
XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress
XSS vulnerability in Strong Testimonials plugin 2.3.14 and below for WordPress
XSS vulnerability in Ultimate Form Builder Lite versions 1.3.7 and below plugin for WordPress
XSS vulnerability in Hide Adsense Ads for specific countries plugin 1.5 for WordPress
XSS vulnerability in Contact Form Maker plugin v1.2.20 and below for WordPress
SQL and XSS vulnerability in Doctor Appointment Booking Plugin v1.0.0 for WordPress
XSS vulnerability in YOP POLL Plugin v6.0.2 for WordPress
Serhyo
March 6, 2019, 4:32pm
182
2019.03.06
CSRF vulnerability in YzmCMS 3.8 (CVE-2018-10223)
SQLi vulnerability in Cleanto 5.0 (CVE-2019-6295, CVE-2019-6296)
SQL injection vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13447, CVE-2018-13450)
SQL injection vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13447, CVE-2018-13450)
SQL injection vulnerability in Dolibarr ERP/CRM 8.0.2 (CVE-2018-19994)
CSRF vulnerability in FrontAccounting 2.4.3 (CVE-2018-7176)
XSS vulnerability in FUEL CMS 1.4.3 (CVE-2018-20137)
CSRF vulnerability in CScms 4.1 (CVE-2019-6779)
XSS vulnerability in Kanboard before 1.2.8 (CVE-2019-7324)
XSS vulnerability in Metinfo 6.1.3 (CVE-2018-19050)
XSS vulnerability in Metinfo 6.1.3 (CVE-2018-19051)
Serhyo
March 12, 2019, 5:27pm
183
2019.03.12
Arbitrary Code Execution vulnerability in Total Donations plugin through 2.0.5 for WordPress (CVE-2019-6703)
XSS vulnerability in Dolibarr ERP/CRM 8.0.2 (CVE-2018-19992, CVE-2018-19995)
XSS vulnerability in ForkCMS 5.0.6 (CVE-2018-20682)
XSS vulnerability in CuppaCMS through 2018-09-03 release (CVE-2018-17300)
XSS vulnerability in Cacti before 1.2.0 (CVE-2018-20723, CVE-2018-20724, CVE-2018-20725 and CVE-2018-20726)
Directory traversal vulnerability in webERP 4.15 (CVE-2018-20420)
XSS vulnerability in Creatiwity wityCMS 0.6.1 (CVE-2018-11512)
XSS vulnerability in Cacti before 1.1.18 (CVE-2017-12978)
XSS vulnerability in ATutor through v2.2.4 (CVE-2019-7172)
XSS vulnerability in ZoneMinder through 1.32.3 (CVE-2019-6990, CVE-2019-6992, CVE-2019-7326, CVE-2019-7338, CVE-2019-7339, CVE-2019-7340, CVE-2019-7341, CVE-2019-7342, CVE-2019-7343, CVE-2019-7345, CVE-2019-7348, CVE-2019-7349, CVE-2019-7352)
Arbitrary code execution vulnerability in Metinfo 6.x. (CVE-2019-7718)
CSRF vulnerability Hide Adsense Ads for specific countries plugin 1.5 for WordPress
Serhyo
March 21, 2019, 2:18pm
184
2019.03.21
SQLi vulnerability in J2Store plugin 3.x before 3.3.7 for Joomla! (CVE-2019-9184)
XSS vulnerability in Quiz and Survey Master Plugin v6.0.4 for WordPress (CVE-2019-9575)
SQLi vulnerability in Forminator Contact Form, Poll & Quiz Builder plugin before 1.6 for WordPress (CVE-2019-9568)
Arbitrary code execution vulnerability in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 (CVE-2019-6340)
XSS vulnerability in Metinfo 6.1.3 (CVE-2018-19835)
XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2019-9110)
XSS vulnerability in Collabtive 1.3
XSS vulnerability in Font Organizer plugin 2.1.1 for WordPress
SQL vulnerability in WordPress Booking Calendar Plugin v8.4.3 for WordPress
XSS vulnerability in Geo Mashup Options plugin 1.11.4 for WordPress
XSS vulnerability in LightGallery plugin 1.0.3 for WordPress
XSS vulnerability in WP Product Gallery Lite plugin 1.0.4 for WordPress
Serhyo
March 28, 2019, 10:03am
185
2019.03.28
SQL injection vulnerability in Questions 1.4.3 component for Joomla (CVE-2018-17377)
XSS vulnerability in Blog2Social plugin v5.0.2 for Wordpress (CVE-2019-9576)
XSS vulnerability in ZoneMinder through 1.32.3 (CVE-2019-7327, CVE-2019-7328, CVE-2019-7330, CVE-2019-7332, CVE-2019-7336, CVE-2019-7337, CVE-2019-7344)
XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2019-9107, CVE-2019-9109)
CSRF vulnerability in WUZHI CMS 4.1.0 (CVE-2018-18712)
CSRF vulnerability in YzmCMS v5.2 (CVE-2018-20015)
CSRF vulnerability in CmsEasy 6.1 (CVE-2018-11679)
XSS vulnerability in MOPCMS (CVE-2019-9016)
Arbitrary File Download exists in RhinOS CMS v3.x (CVE-2018-18760)
SQL vulnerability exists in Bo-blog Wind CMS (CVE-2019-7587)
XSS vulnerability exists in imcat v4.5 (CVE-2019-8436)
XSS vulnerability in the MODX Revolution through v2.7.0-pl (CVE-2018-20755)
Arbitrary File Download vulnerability in Ad Manager WD Plugin v1.0.11 for WordPress
SQL vulnerability in Rukovoditel Project Management CRM 2.4.1
Serhyo
April 8, 2019, 4:01pm
186
2019.04.08
CSRF vulnerability in Smart Forms plugin before 1.2.2 for WordPress (CVE-2019-5920)
XSS vulnerability in YzmCMS 5.2 (CVE-2019-9660, CVE-2019-9661)
XSS vulnerability in the MODX Revolution through v2.7.0-pl (CVE-2018-20756,CVE-2018-20757)
XSS vulnerability in YzmCMS 5.2 (CVE-2019-9570)
Arbitrary code Injection exists in PHPMyWind CMS v5.5 (CVE-2018-17131)
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (CVE-2014-5462)
XSS and Directory Traversal vulnerability in SP Easy Image Gallery 1.5 component for Joomla
SQL injection vulnerability in WP AutoSuggest plugin 0.24 for WordPress
SQL vulnerability in ResourceSpace 8.6
Serhyo
April 23, 2019, 12:42pm
187
2019.04.23
Disabled by default rules 240330-240336
XSS vulnerability in WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress (CVE-2019-7299)
XSS vulnerability exists in Maccms v8.4 (CVE-2019-8410)
XSS vulnerability in SEMCMS V3.4 (CVE-2018-18840, CVE-2018-18841)
XSS vulnerability exists in WTCMS (CVE-2019-8911)
XSS vulnerability in social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 plugin for WordPress (CVE-2019-9911)
Directory traversal vulnerability exists in imcat (CVE-2018-20610)
XSS vulnerability exists in verydows cms (CVE-2019-7753)
XSS vulnerability in social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 plugin for WordPress (CVE-2019-9911)
XSS vulnerability in wp-google-maps plugin before 7.10.43 for WordPress (CVE-2019-9912)
SQL injection vulnerabilities in the TeamPass before 2.1.20 (CVE-2014-3773)
XSS vulnerabilities in pfSense before 2.1.4 (CVE-2014-4687)
CSRF vulnerability in CScms 4.1 (CVE-2018-16337)
XSS vulnerability in Event Geek plugin 2.5.2 for WordPress
Arbitrary File Download exists in OpenSTA Manager v2.3
Rules in 27_WpPlugin reordered
Serhyo
May 8, 2019, 3:32pm
188
2019.05.08
SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376)
XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5653, CVE-2018-5654 and CVE-2018-5655)
XSS vulnerability in Crony Cronjob Manager plugin before 0.4.7 for WordPress (CVE-2017-14530)
XSS vulnerability in Responsive-coming-soon-page plugin 1.1.18 for WordPress (CVE-2018-5657, CVE-2018-5659, CVE-2018-5660, CVE-2018-5661, CVE-2018-5662, CVE-2018-5663, CVE-2018-5664, CVE-2018-5665 and CVE-2018-5666)
XSS vulnerability in Booking-calendar plugin 2.1.7 for WordPress (CVE-2018-5670, CVE-2018-5671 and CVE-2018-5672)
XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5667 and CVE-2018-5668)
XSS vulnerability in ImageInject plugin 1.15 for WordPress (CVE-2018-5284)
XSS vulnerability in WPGlobus plugin 1.9.6 for WordPress (CVE-2018-5362, CVE-2018-5363, CVE-2018-5364, CVE-2018-5365, CVE-2018-5366 and CVE-2018-5367)
XSS vulnerability in SrbTransLatin plugin 1.46 for WordPress (CVE-2018-5369)
XSS vulnerability in FlickrRSS plugin 5.3.1 for WordPress (CVE-2018-6466, CVE-2018-6468 and CVE-2018-6469)
XSS vulnerability in Metronet Tag Manager plugin version 1.2.7 for WordPress (CVE-2018-1000506)
XSS vulnerability in File Manager plugin 3.0 for WordPress (CVE-2018-16967)
XSS vulnerability in WP Fastest Cache 0.8.8.5 for WordPress (CVE-2018-17585)
XSS vulnerability in Acurax-social-media-widget plugin before 3.2.6 for WordPress (CVE-2018-6357)
XSS Vulnerability in Improved user search in backend plugin before 1.2.5 (CVE-2014-5196)
Arbitrary File Delete exists in PHPMyWind CMS v5.5 (CVE-2019-7403)
XSS vulnerability in Doctor Appointment Booking Plugin v1.0.0 for WordPress
Serhyo
May 15, 2019, 4:51pm
189
2019.05.15
CSRF vulnerability in the DiliCMS through 2.4.0 (CVE-2018-19291)
CSRF vulnerability in YzmCMS 3.8 (CVE-2018-10224)
XSS vulnerability exists in UCMS v1.4.7 (CVE-2018-20600)
LFI vulnerability in WebDorado Contact Form Builder plugin before 1.0.69 for WordPress (CVE-2019-11557)
XSS vulnerability in King Composer Plugin v2.x for WordPress (CVE-2019-9910)
LFI vulnerability in WordPress through 5.0.3 (CVE-2019-8943)
Serhyo
May 22, 2019, 12:36pm
190
2019.05.22
Directory Traversal vulnerability in Joomla before 3.9.5 (CVE-2019-10945)
XSS vulnerability in ProFiles 1.5 component for Joomla (CVE-2018-18276)
LFI vulnerability in WebDorado Contact Form Builder plugin before 1.13.5 for WordPress (CVE-2019-11590)
XSS vulnerability in Donation Plugin and Fundraising Platform (give) plugin for WordPress (CVE-2019-9909)
XSS vulnerability exists in Calendar plugin on or before 1.3.10 for WordPress (CVE-2018-18872)
XSS vulnerability in Custom Field Suite plugin on or before 2.5.14 for WordPress (CVE-2019-11871)
XSS vulnerability in Duplicate Page plugin 3.3 or before for WordPress
XSS vulnerability in Contact People plugin 3.2.4 for WordPress
XSS vulnerability in Creative Image Slider component 3.1.0 for Joomla
FP fix
Serhyo
May 31, 2019, 10:03am
191
2019.05.31
SQL vulnerability exists in SEACMS (CVE-2018-16445)
XSS vulnerability exists in SEACMS v6.64 or below (CVE-2018-17321)
XSS vulnerability exists in Peel Shopping v9_1 (CVE-2018-1000887)
XSS vulnerability exists in SEACMS on v6.61 or below (CVE-2018-12431)
SQL injection vulnerability in LibreNMS (CVE-2018-18478)
XSS vulnerability exists in Omeka before v2.6.1 (CVE-2018-13423)
RFI vulnerability in social warfare plugin before 3.5.3 for WordPress(CVE-2019-9978)
XSS vulnerability in idreamsoft iCMS V7.0.14 (CVE-2019-11426)
XSS vulnerability exists in Photo gallery WD on or before 1.3.66 for Wordpress
Directory traversal vulnerability in Health Check and Troubleshooting plugin on or before 1.2.3 for WordPress
XSS vulnerability in Pie Register Plugin 3.1 for WordPress
SQL vulnerability exists in Ashop Shopping Cart Software
FP fix
Serhyo
June 21, 2019, 2:17pm
192
2019.06.21
SQL vulnerability exists in SEACMS (CVE-2018-16445)
XSS vulnerability exists in SEACMS v6.64 or below (CVE-2018-17321)
XSS vulnerability exists in Peel Shopping v9_1 (CVE-2018-1000887)
XSS vulnerability exists in SEACMS on v6.61 or below (CVE-2018-12431)
SQL injection vulnerability in LibreNMS (CVE-2018-18478)
XSS vulnerability exists in Omeka before v2.6.1 (CVE-2018-13423)
RFI vulnerability in social warfare plugin before 3.5.3 for WordPress(CVE-2019-9978)
XSS vulnerability in idreamsoft iCMS V7.0.14 (CVE-2019-11426)
XSS vulnerability exists in Photo gallery WD on or before 1.3.66 for Wordpress
Directory traversal vulnerability in Health Check and Troubleshooting plugin on or before 1.2.3 for WordPress
XSS vulnerability in Pie Register Plugin 3.1 for WordPress
SQL vulnerability exists in Ashop Shopping Cart Software
FP fix
Serhyo
June 25, 2019, 2:50pm
193
2019.06.25
XSS vulnerability exists in Appointment Hour Booking Plugin v 1.1.35 or possibly below for WordPress
Arbitrary File Download vulnerability in Simple File List plugin v3.2.4 or before WordPress
XSS vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress
XSS vulnerability exists in Event Calendar WD Plugin v 1.1.21 or below For WordPress (CVE-2018-16164)
Directory Traversal vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress
Serhyo
July 4, 2019, 4:25pm
194
2019.07.04
LFI and CSRF vulnerability in WebDorado Contact Form Builder plugin, 10Web Form Maker plugin before 1.13.5 for WordPress (CVE-2019-11591)
XSS vulnerability exists in Wordpress Hostel Plugin on or before 1.1.3 (CVE-2019-12345)
XSS vulnerability in miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress (CVE-2019-12346)
XSS vulnerability exists in SiteMagic CMS v4.4 (CVE-2019-10238)
SQL injection vulnerability in SEMCMS V3.4 (CVE-2019-11518)
Directory traversal vulnerability in CMS Made Simple 2.2.7 (CVE-2018-10522)
XSS vulnerability in SEMCMS V3.4 (CVE-2018-18738, CVE-2018-18743, CVE-2018-18739)
Arbitrary File Delete vulnerability in Simple File List plugin v3.2.4 or before for WordPress
XSS vulnerability in Better File Download Plugin 1.0.9 for WordPress
XSS vulnerability in File Manager plugin 5.1.5 for WordPress
XSS vulnerability in Modern Events Calendar Lite plugin 4.2.1 for WordPress
XSS vulnerability in Salon booking system plugin 3.30.4 for WordPress
FP fix
Serhyo
July 10, 2019, 3:11pm
195
2019.07.10
XSS vulnerability exists in Typesetter CMS v5.1 (CVE-2018-16639)
SQL injection vulnerability in LibreNMS (CVE-2018-20678)
Directory traversal vulnerability exists in ShopXO 1.2.0 (CVE-2019-5887)
XSS vulnerability in Event Management Tickets Booking By Event Monster Plugin v 1.0.5 or below For WordPress
XSS vulnerability in Table Reservation plugin 3.3.1 for WordPress
XSS exists in Watu Quiz Plugin of v3.1.2.5 or before for WordPress
XSS vulnerability in WP Nearby Places Basic plugin 1.3 for WordPress
XSS vulnerability in SP Project and Document Manager plugin 3.4.7 for WordPress
XSS vulnerability in Ultimate Profile Builder plugin v 3.1 for WordPress
XSS vulnerability in CP Contact Form With Paypal Plugin v 1.2.97 or below For WordPress
Serhyo
July 17, 2019, 11:24am
196
2019.07.17
CSRF vulnerability in WP Open Graph 1.6.1 and earlier for WordPress (CVE-2019-5960)
CSRF vulnerability in Personalized WooCommerce Cart Page plugin 2.4 and earlier for WordPress (CVE-2019-5979)
SQLi vulnerability in VeronaLabs wp-statistics plugin before 12.6.7 for WordPress (CVE-2019-13275)
Unrestricted file upload Vulnerability in SupportCandy plugin through 2.0.0 for WordPress (CVE-2019-11223)
XSS exists in MyBookTable Plugin of v3.2.2 or before for WordPress
XSS vulnerability in Spider Catalog component 3.0 for Joomla
SQLi vulnerability in Spider Catalog component 3.0 for Joomla
XSS vulnerability in WP Statistics plugin 12.6.5 for WordPress
XSS vulnerability in Bookings Plugin 6.0.4 for WordPress
XSS vulnerability in Cherry Real Estate Plugin v 1.1.6 or below For WordPress
Serhyo
July 23, 2019, 4:30pm
197
2019.07.23
Directory traversal vulnerability in JE Messenger component 1.2.2 for Joomla (CVE-2019-9922)
SQLi vulnerability in JE Messenger component 1.2.2 for Joomla (CVE-2019-9918)
XSS exists in Google Language Translator Plugin of v5.0.05 or before for WordPress
CSRF vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress
XSS exists in CF7 Invisible reCAPTCHA Plugin of v1.3.1 or before for WordPress
XSS exists in Share this Image Plugin of v1.19 or before for WordPress
CSRF vulnerability in Bookings Plugin 6.0.4 for WordPress
XSS exists in Podlove Subscribe button plugin of v 1.3.6 for WordPress
FP fix
Serhyo
July 31, 2019, 3:37pm
198
2019.07.31
XSS vulnerability in Joomla before 3.9.3 (CVE-2019-7741)
XSS vulnerability in Appointment Hour Booking plugin 1.1.44 for WordPress (CVE-2019-13505)
CSRF vulnerability in Ultimate Member plugin before 2.0.40 for WordPress (CVE-2019-10673)
XSS vulnerability in Form Maker plugin v1.13.3 for WordPress (CVE-2019-10866)
LFI vulnerability in Nevma Adaptive Images plugin before 0.6.67 for WordPress (CVE-2019-14205 and CVE-2019-14206)
SQLi Vulnerability in WPEverest Everest Forms plugin through 1.4.9 for WordPress (CVE-2019-13575)
CSRF vulnerability in Simple Membership plugin before 3.8.5 for WordPress (CVE-2019-14328)
XSS vulnerability exists in the Coppermine Photo Gallery on or before 1.5.46 (CVE-2018-14478)
XSS vulnerability in Meow Gallery plugin 3.4.7 for WordPress
XSS vulnerability in FuseDesk plugin 3.3 for WordPress
XSS vulnerability in Car Demon plugin 1.7.95 for WordPress
XSS exists in Birthdays Widget Plugin of v 1.7.18 or before for WordPress
XSS vulnerability in Rezgo Online Booking plugin 3.3.1 for WordPress
CSRF vulnerability in Deny All Firewall plugin 1.1.6 for WordPress
Serhyo
August 7, 2019, 5:02pm
199
2019.08.07
SQL injection vulnerability in AMGallery 1.2.3 component for Joomla(CVE-2018-17398)
SQLi vulnerability in 10Web Photo Gallery plugin before 1.5.31 for WordPress (CVE-2019-14313)
CSRF vulnerability in Custom Simple Rss plugin 2.0.6 for WordPress (CVE-2019-14327)
SQLi vulnerability in Adenion Blog2Social plugin through 5.5.0 for WordPress (CVE-2019-13572)
XSS exists in All-in-One WP Migration plugin of v 6.9.7 or before for WordPress
CSRF vulnerability in Event Espresso 4 Decaf plugin 4.9.82.decaf for WordPress
XSS exists in Booqable Online Rental Shop plugin of v 2.3.1 or before for WordPress
FP fix
Serhyo
August 13, 2019, 5:01pm
200
2019.08.13
SQL injection vulnerability in Dutch Auction Factory 2.0.2 component for Joomla(CVE-2018-17381)
SQL injection vulnerability in Auction Factory 4.5.5 component for Joomla(CVE-2018-17374)
XSS exists in Email Subscribers and Newsletters plugin of v 4.1.6 or before for WordPress (CVE-2019-14364)
XSS exists in WebAppick WooCommerce Product Feed Plugin of v 2.2.18 or before for WordPress (CVE-2019-1010124)
Directory Traversal vulnerability in WPS Child Themes Generator plugin 1.1 for WordPress
SQL injection vulnerability in FV Flowplayer Video Player plugin 7.3.18.727 and below for WordPress
SQL injection vulnerability in JoomCRM 1.1.1 component for Joomla
XSS vulnerability in WP Booking System plugin 1.5.4 for WordPress
XSS vulnerability in Folders Plugin 2.1.3 for WordPress
XSS exists in Coming Soon Page and Maintenance Mode Plugin of v 1.8.0 or before for WordPress
XSS vulnerability in Simple Mail Address Encoder plugin 1.6.1 for WordPress