National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 1,606 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-11366

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.

Published: May 22, 2018; 09:29:00 AM -04:00
(not available)
CVE-2018-11244

The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.

Published: May 18, 2018; 01:29:00 PM -04:00
(not available)
CVE-2018-11105

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.

Published: May 15, 2018; 11:29:00 AM -04:00
(not available)
CVE-2018-0590

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.

Published: May 14, 2018; 09:29:03 AM -04:00
(not available)
CVE-2018-0589

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.

Published: May 14, 2018; 09:29:03 AM -04:00
(not available)
CVE-2018-0588

Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
(not available)
CVE-2018-0587

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
(not available)
CVE-2018-0586

Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
(not available)
CVE-2018-0585

Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
(not available)
CVE-2018-0579

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:01 AM -04:00
(not available)
CVE-2018-0578

Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:01 AM -04:00
(not available)
CVE-2018-0577

Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:00 AM -04:00
(not available)
CVE-2018-0576

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:00 AM -04:00
(not available)
CVE-2018-10752

The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.

Published: May 04, 2018; 10:29:00 PM -04:00
(not available)
CVE-2018-10371

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.

Published: May 01, 2018; 09:29:00 AM -04:00
(not available)
CVE-2018-1000172

Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.

Published: April 30, 2018; 06:29:00 PM -04:00
(not available)
CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

Published: April 27, 2018; 12:29:00 PM -04:00
(not available)
CVE-2014-5014

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.

Published: April 25, 2018; 01:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-10310

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.

Published: April 25, 2018; 05:29:00 AM -04:00
(not available)
CVE-2018-10309

The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.

Published: April 23, 2018; 10:29:00 PM -04:00
(not available)