CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16220 – WordPress Core < 5.2.3 - Open Redirect
https://notcve.org/view.php?id=CVE-2019-16220
05 Sep 2019 — In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. En WordPress versiones anteriores a 5.2.3, la comprobación y el saneamiento de una URL en la función wp_validate_redirect en el archivo wp-includes/pluggable.php podría conllevar a un redireccionamiento abierto. In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if ... • https://core.trac.wordpress.org/changeset/45971 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2018-19296 – Ubuntu Security Notice USN-5956-2
https://notcve.org/view.php?id=CVE-2018-19296
16 Nov 2018 — PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. PHPMailer en versiones anteriores a la 5.2.27 y versiones 6.x anteriores a la 6.0.6 es vulnerable a un ataque de inyección de objetos. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. • https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •