Custom Simple RSS <= 2.0.6 – CSRF
More info:
https://wpvulndb.com/vulnerabilities/9483
OneSignal Web Push Notifications – Stored XSS
More info:
https://wpvulndb.com/vulnerabilities/9478
Pirate Forms <= 1.5.1 – HTML Injection & CSRF
More info:
https://wpvulndb.com/vulnerabilities/9481
Contact Form 7 Dynamic Text Extension <= 2.0.2.1 – Reflected XSS
More info:
https://wpvulndb.com/vulnerabilities/9477
Advanced Contact form 7 DB <= 1.6.1 – SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9479
Blog2Social <= 5.5.0 – SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9476
Simple Membership <= 3.8.4 – CSRF
More info:
https://wpvulndb.com/vulnerabilities/9482
AdRotate Banner Manager <= 5.2 – Authenticated SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9475
AdRotate Banner Manager <= 5.2 – Authenticated SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9475
DSA-4489 patch – security update
Imre Rad discovered several vulnerabilities in GNU patch, leading toshell command injection or escape from the working directory and accessand overwrite files, if specially crafted patch files are processed.
More info:
https://www.debian.org/security/2019/dsa-4489