Pirate Forms <= 1.5.1 – HTML Injection & CSRF
More info:
https://wpvulndb.com/vulnerabilities/9481
Contact Form 7 Dynamic Text Extension <= 2.0.2.1 – Reflected XSS
More info:
https://wpvulndb.com/vulnerabilities/9477
Advanced Contact form 7 DB <= 1.6.1 – SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9479
Blog2Social <= 5.5.0 – SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9476
Simple Membership <= 3.8.4 – CSRF
More info:
https://wpvulndb.com/vulnerabilities/9482
AdRotate Banner Manager <= 5.2 – Authenticated SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9475
AdRotate Banner Manager <= 5.2 – Authenticated SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9475
DSA-4489 patch – security update
Imre Rad discovered several vulnerabilities in GNU patch, leading toshell command injection or escape from the working directory and accessand overwrite files, if specially crafted patch files are processed.
More info:
https://www.debian.org/security/2019/dsa-4489
Photo Gallery <= 1.5.30 – SQL Injection
More info:
https://wpvulndb.com/vulnerabilities/9480
DSA-4488 exim4 – security update
Jeremy Harris discovered that Exim, a mail transport agent, does notproperly handle the ${sort } expansion. This flaw can be exploited by aremote attacker to execute programs with root privileges in non-default(and unusual) configurations where ${sort } expansion is used for itemsthat can be controlled by an attacker.
More info:
https://www.debian.org/security/2019/dsa-4488