WordPress Vulnerability Roundup: July 2019, Part 1

https://ithemes.com/wordpress-vulnerability-roundup-july-2019-part-1/

New WordPress plugin and theme vulnerabilities were disclosed during the first half of this month, so we want to keep you aware. We divide the WordPress Vulnerability Roundup into four different categories:

1. WordPress core
2. WordPress Plugins
3. WordPress Themes
4. Breaches From Around the Web

*We include breaches from around the web because […]

More info: https://ithemes.com/wordpress-vulnerability-roundup-july-2019-part-1/

Drupal core – Critical – Access bypass – SA-CORE-2019-008

Project: Drupal core
Date: 2019-July-17
Security risk: Critical 17/25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2019-6342
Description: In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not

More info: https://www.drupal.org/sa-core-2019-008

MSA-19-0015: Quiz group overrides did not observe groups membership or accessallgroups

by Michael Hawkins. Teachers in a quiz group could modify group overrides for other groups in the same quiz.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Charl Nel
CVE identifier: CVE-2019-10188
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34411
Tracker issue: MDL-34411 Quiz group overrides did not observe groups membership or

More info: https://moodle.org/mod/forum/discuss.php?d=388569&parent=1566331

MSA-19-0013: Missing sesskey (CSRF) token in loading/unloading XML files

by Michael Hawkins. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Callum Carney
CVE identifier: CVE-2019-10186
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53689
Tracker issue: MDL-53689 Missing sesskey (CSRF) token in loading/unloading xml files

More info: https://moodle.org/mod/forum/discuss.php?d=388567&parent=1566329

MSA-19-0014: Ability to delete glossary entries that belong to another glossary

by Michael Hawkins. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Peter Dias
CVE identifier: CVE-2019-10187
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64623
Tracker issue: MDL-64623 Ability to delete

More info: https://moodle.org/mod/forum/discuss.php?d=388568&parent=1566330