National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): wordpress
There are 1,527 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-6944

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

Published: February 16, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6943

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

Published: February 16, 2018; 09:29:00 AM -05:00
(not available)
CVE-2017-14537

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

Published: February 15, 2018; 11:29:00 PM -05:00
(not available)
CVE-2017-14536

trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.

Published: February 15, 2018; 11:29:00 PM -05:00
(not available)
CVE-2017-14535

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

Published: February 15, 2018; 11:29:00 PM -05:00
(not available)
CVE-2018-6506

Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.

Published: February 11, 2018; 11:29:00 PM -05:00
(not available)
CVE-2018-6891

Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.

Published: February 11, 2018; 01:29:00 AM -05:00
(not available)
CVE-2015-2329

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.

Published: February 08, 2018; 06:29:00 PM -05:00
(not available)
CVE-2017-17552

/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.

Published: February 07, 2018; 12:29:01 PM -05:00
(not available)
CVE-2018-6389

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

Published: February 06, 2018; 12:29:00 PM -05:00
(not available)
CVE-2018-6469

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6468

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6467

The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6466

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2015-4179

Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress.

Published: February 05, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-0511

Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Published: February 01, 2018; 09:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-6465

The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

Published: January 31, 2018; 01:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-6195

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.

Published: January 30, 2018; 03:29:00 PM -05:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2018-6194

A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.

Published: January 30, 2018; 03:29:00 PM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-0101

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618.

Published: January 29, 2018; 03:29:00 PM -05:00
(not available)