National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 1,528 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-2324

Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.

Published: February 19, 2018; 02:29:00 PM -05:00
(not available)
CVE-2018-6944

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

Published: February 16, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6943

core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

Published: February 16, 2018; 09:29:00 AM -05:00
(not available)
CVE-2017-14537

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

Published: February 15, 2018; 11:29:00 PM -05:00
(not available)
CVE-2017-14536

trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.

Published: February 15, 2018; 11:29:00 PM -05:00
(not available)
CVE-2017-14535

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

Published: February 15, 2018; 11:29:00 PM -05:00
(not available)
CVE-2018-6506

Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.

Published: February 11, 2018; 11:29:00 PM -05:00
(not available)
CVE-2018-6891

Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.

Published: February 11, 2018; 01:29:00 AM -05:00
(not available)
CVE-2015-2329

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.

Published: February 08, 2018; 06:29:00 PM -05:00
(not available)
CVE-2017-17552

/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.

Published: February 07, 2018; 12:29:01 PM -05:00
(not available)
CVE-2018-6389

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

Published: February 06, 2018; 12:29:00 PM -05:00
(not available)
CVE-2018-6469

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6468

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6467

The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-6466

A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.

Published: February 06, 2018; 09:29:00 AM -05:00
(not available)
CVE-2015-4179

Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress.

Published: February 05, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-0511

Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Published: February 01, 2018; 09:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-6465

The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

Published: January 31, 2018; 01:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-6195

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.

Published: January 30, 2018; 03:29:00 PM -05:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2018-6194

A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.

Published: January 30, 2018; 03:29:00 PM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW