tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
CVE-2019-15317 PUBLISHED: 2019-08-22 The give plugin before 2.4.7 for WordPress has XSS via a donor name.
CVE-2019-15318 PUBLISHED: 2019-08-22 The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.
CVE-2016-10921 PUBLISHED: 2019-08-22 The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
CVE-2017-18570 PUBLISHED: 2019-08-22 The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.