The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WordPress Plugins ~ not comprehensive

computer vulnerability CVE-2019-13578

WordPress Give: SQL injection

Synthesis of the vulnerability

An attacker can exploit an SQL injection in WordPress Give to read or alter data.
Severity: 2/4.
Creation date: 12/08/2019.
Identifiers: CVE-2019-13578, FG-VD-19-098, VIGILANCE-VUL-30019.

Description of the vulnerability

The WordPress Give product uses a database.

However, user data is inserted directly into an SQL query.

An attacker can therefore exploit an SQL injection in WordPress Give to read or alter data.

computer weakness note CVE-2019-14683

WordPress Import Users From CSV With Meta: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in WordPress Import Users From CSV With Meta, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 09/08/2019.
Identifiers: CVE-2019-14683, VIGILANCE-VUL-30000.

Description of the vulnerability

The Import Users From CSV With Meta plugin can be installed on WordPress.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in WordPress Import Users From CSV With Meta, in order to force the victim to perform operations.

computer threat CVE-2019-14682

WordPress ACF Better Search: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in WordPress ACF Better Search, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 09/08/2019.
Identifiers: CVE-2019-14682, VIGILANCE-VUL-29999.

Description of the vulnerability

The ACF Better Search plugin can be installed on WordPress.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in WordPress ACF Better Search, in order to force the victim to perform operations.

computer vulnerability note CVE-2019-14681

WordPress Deny All Firewall: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in WordPress Deny All Firewall, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 09/08/2019.
Identifiers: CVE-2019-14681, VIGILANCE-VUL-29998.

Description of the vulnerability

The Deny All Firewall plugin can be installed on WordPress.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in WordPress Deny All Firewall, in order to force the victim to perform operations.

computer threat announce CVE-2019-14695

WordPress Popup Builder: SQL injection

Synthesis of the vulnerability

An attacker can exploit an SQL injection in WordPress Popup Builder to read or alter data.
Severity: 2/4.
Creation date: 07/08/2019.
Identifiers: CVE-2019-14695, FG-VD-19-102, VIGILANCE-VUL-29972.

Description of the vulnerability

The WordPress Popup Builder product uses a database.

However, user data is inserted directly into an SQL query.

An attacker can therefore exploit an SQL injection in WordPress Popup Builder to read or alter data.

computer threat bulletin CVE-2019-14348

WordPress JoomSport: SQL injection

Synthesis of the vulnerability

An attacker can exploit an SQL injection in WordPress JoomSport to read or alter data.
Severity: 2/4.
Creation date: 06/08/2019.
Identifiers: CVE-2019-14348, VIGILANCE-VUL-29950.

Description of the vulnerability

The WordPress JoomSport product uses a database.

However, user data is inserted directly into an SQL query.

An attacker can therefore exploit an SQL injection in WordPress JoomSport to read or alter data.

security threat CVE-2019-13635

WordPress WP Fastest Cache: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories in WordPress WP Fastest Cache to read a file outside the service root path.
Severity: 2/4.
Creation date: 30/07/2019.
Identifiers: CVE-2019-13635, VIGILANCE-VUL-29909.

Description of the vulnerability

An attacker can traverse directories in WordPress WP Fastest Cache to read a file outside the service root path.

cybersecurity threat CVE-2019-14328

WordPress Simple Membership: Cross Site Request Forgery via Bulk Operation menu

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via the Bulk Operation menu of WordPress Simple Membership, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 29/07/2019.
Identifiers: CVE-2019-14328, VIGILANCE-VUL-29901.

Description of the vulnerability

The Simple Membership plugin can be installed on WordPress.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via the Bulk Operation menu of WordPress Simple Membership, in order to force the victim to perform operations.

vulnerability note CVE-2019-13571

WordPress Advanced CF7 DB: SQL injection

Synthesis of the vulnerability

An attacker can exploit an SQL injection in WordPress Advanced CF7 DB to read or alter data.
Severity: 2/4.
Creation date: 26/07/2019.
Identifiers: CVE-2019-13571, FG-VD-19-093, VIGILANCE-VUL-29896.

Description of the vulnerability

The WordPress Advanced CF7 DB product uses a database.

However, user data is inserted directly into an SQL query.

An attacker can therefore exploit an SQL injection in WordPress Advanced CF7 DB to read or alter data.

weakness 29895

WordPress Photo Gallery: SQL injection

Synthesis of the vulnerability

An attacker can exploit an SQL injection in WordPress Photo Gallery to read or alter data.
Severity: 2/4.
Creation date: 26/07/2019.
Identifiers: FG-VD-19-101, VIGILANCE-VUL-29895.

Description of the vulnerability

The WordPress Photo Gallery product uses a database.

However, user data is inserted directly into an SQL query.

An attacker can therefore exploit an SQL injection in WordPress Photo Gallery to read or alter data.