• WordPress Plugin Plainview Activity Monitor is prone to a remote command execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application. WordPress Plugin Plainview Activity Monitor version 20161228 is vulnerable; prior versions may also be affected.

• Update to plugin version 20180826 or latest

• • https://github.com/aas-n/CVE/tree/master/plainview-activity-monitor
  • https://www.exploit-db.com/exploits/45274/
  • https://packetstormsecurity.com/files/149102/WordPress-Plainview-Activity-Monitor-20161228-Command-Injection.html
  • https://plugins.svn.wordpress.org/plainview-activity-monitor/trunk/readme.txt

• 

• CVE-2018-15877

• CWE-94

• Missing Update Code Execution

• Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)
• WordPress Plugin WordPress Book List Arbitrary File Upload (5.0.11)
• WordPress Plugin WP Ultimate Exporter Cross-Site Scripting (1.0)
• WordPress Plugin AMP Toolbox Cross-Site Scripting (1.9.4)
• WordPress Plugin All in One SEO Pack Cross-Site Scripting (2.3.7)