- WordPress Plugin WP CSS is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application; this may aid in further attacks. WordPress Plugin WP CSS version 2.0.5 is vulnerable; other versions may also be affected.
- Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available
- Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.7)
- WordPress Plugin KBoard Multiple Vulnerabilities (3.3)
- WordPress Plugin TallyKit Cross-Site Scripting (5.4)
- WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress SQL Injection (3.7.39)
- WordPress Plugin EditorMonkey Remote File Upload (2.5)