The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WordPress Plugins ~ not comprehensive

computer vulnerability bulletin CVE-2019-14230 CVE-2019-14231

WordPress Viral Quiz Maker: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in WordPress Viral Quiz Maker, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/07/2019.
Identifiers: CVE-2019-14230, CVE-2019-14231, VIGILANCE-VUL-29848.

Description of the vulnerability

An attacker can exploit a SQL injection in WordPress Viral Quiz Maker, in order to read or alter data.

computer vulnerability announce CVE-2019-14205 CVE-2019-14206

WordPress Adaptive Images: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in WordPress Adaptive Images.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights, data reading, data deletion.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/07/2019.
Identifiers: CVE-2019-14205, CVE-2019-14206, VIGILANCE-VUL-29847.

Description of the vulnerability

An attacker can exploit several vulnerabilities in WordPress Adaptive Images.

computer vulnerability CVE-2019-12934

WordPress wp-code-highlightjs: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress wp-code-highlightjs, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/07/2019.
Identifiers: CVE-2019-12934, VIGILANCE-VUL-29845.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress wp-code-highlightjs, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2019-13569

WordPress Email Subscribers Newsletters: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in WordPress Email Subscribers Newsletters, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 17/07/2019.
Identifiers: CVE-2019-13569, FG-VD-19-095, VIGILANCE-VUL-29805.

Description of the vulnerability

An attacker can exploit a SQL injection in WordPress Email Subscribers Newsletters, in order to read or alter data.

computer vulnerability alert CVE-2019-13575

WordPress Everest Forms: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in WordPress Everest Forms, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 16/07/2019.
Identifiers: CVE-2019-13575, FG-VD-19-096, VIGILANCE-VUL-29786.

Description of the vulnerability

An attacker can exploit a SQL injection in WordPress Everest Forms, in order to read or alter data.

computer vulnerability alert CVE-2019-13573

WordPress FV Flowplayer Video Player: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in WordPress FV Flowplayer Video Player, in order to read or alter data.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 12/07/2019.
Identifiers: CVE-2019-13573, FG-VD-19-097, VIGILANCE-VUL-29766.

Description of the vulnerability

An attacker can exploit a SQL injection in WordPress FV Flowplayer Video Player, in order to read or alter data.

computer vulnerability note CVE-2019-13505

WordPress Appointment Hour Booking: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Appointment Hour Booking, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/07/2019.
Identifiers: CVE-2019-13505, VIGILANCE-VUL-29759.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Appointment Hour Booking, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2019-13478

WordPress Yoast SEO: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WordPress Yoast SEO, in order to run JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 10/07/2019.
Identifiers: CVE-2019-13478, VIGILANCE-VUL-29731.

Description of the vulnerability

The Yoast SEO plugin can be installed on WordPress.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WordPress Yoast SEO, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2019-13413 CVE-2019-13414

WordPress Rencontre: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in WordPress Rencontre.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition, data deletion.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/07/2019.
Identifiers: CVE-2019-13413, CVE-2019-13414, VIGILANCE-VUL-29712.

Description of the vulnerability

An attacker can exploit several vulnerabilities in WordPress Rencontre.

vulnerability bulletin CVE-2019-13344

WordPress WP Like Button: privilege escalation via contains

Synthesis of the vulnerability

An attacker can bypass restrictions via contains() in WordPress WP Like Button, in order to escalate their privileges.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data creation/edition.
Provenance: internet client.
Creation date: 08/07/2019.
Identifiers: CVE-2019-13344, VIGILANCE-VUL-29703.

Description of the vulnerability

An attacker can bypass restrictions via contains() in WordPress WP Like Button, in order to escalate their privileges.