CP Contact Form with Paypal <= 1.2.97 – Authenticated XSS
More info:
https://wpvulndb.com/vulnerabilities/9381
Enhanced Plugin Admin <= 1.15 – XSS
More info:
https://wpvulndb.com/vulnerabilities/9371
Import users from CSV with meta <= 1.14.0.2 – XSS and CSRF
More info:
https://wpvulndb.com/vulnerabilities/9366
RSS Includes Pages <= 3.6 – XSS
More info:
https://wpvulndb.com/vulnerabilities/9369
ConvertPlus <= 3.4.4 – Multiple Issues
More info:
https://wpvulndb.com/vulnerabilities/9365
CF7 Invisible reCaptcha <= 1.3.1 – XSS
More info:
https://wpvulndb.com/vulnerabilities/9367
Dropshix <= 4.0.11 – Arbitrary Product Import
More info:
https://wpvulndb.com/vulnerabilities/9364
Real Time Find and Replace <= 3.8 – XSS
More info:
https://wpvulndb.com/vulnerabilities/9370
Facebook for WooCommerce <= 1.9.12 – CSRF allowing Option Update
More info:
https://wpvulndb.com/vulnerabilities/9356
DSA-4468 php-horde-form – security update
A path traversal vulnerability due to an unsanitized POST parameter wasdiscovered in php-horde-form, a package providing form rendering,validation, and other functionality for the Horde Application Framework.An attacker can take advantage of this flaw for remote code execution.
More info:
https://www.debian.org/security/2019/dsa-4468