National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,226 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-15092

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

Published: August 23, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-15329

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.

Published: August 22, 2019; 04:15:12 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-15328

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.

Published: August 22, 2019; 04:15:12 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-15327

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

Published: August 22, 2019; 04:15:12 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-15326

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

Published: August 22, 2019; 04:15:12 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.

Published: August 22, 2019; 04:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20986

The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors.

Published: August 22, 2019; 04:15:11 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2017-18585

The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.

Published: August 22, 2019; 04:15:11 PM -04:00
V3: 8.1 HIGH
V2: 5.5 MEDIUM
CVE-2017-18579

The corner-ad plugin before 1.0.8 for WordPress has XSS.

Published: August 22, 2019; 04:15:11 PM -04:00
(not available)
CVE-2017-18578

The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.

Published: August 22, 2019; 04:15:11 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-10929

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.

Published: August 22, 2019; 04:15:11 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2016-10928

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.

Published: August 22, 2019; 04:15:11 PM -04:00
(not available)
CVE-2015-9340

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

Published: August 22, 2019; 04:15:11 PM -04:00
(not available)
CVE-2015-9339

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

Published: August 22, 2019; 04:15:11 PM -04:00
(not available)
CVE-2015-9338

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

Published: August 22, 2019; 04:15:11 PM -04:00
(not available)
CVE-2015-9334

The email-newsletter plugin through 20.15 for WordPress has SQL injection.

Published: August 22, 2019; 04:15:11 PM -04:00
(not available)
CVE-2014-10393

The cforms2 plugin before 10.5 for WordPress has XSS.

Published: August 22, 2019; 04:15:11 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2014-10386

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.

Published: August 22, 2019; 04:15:10 PM -04:00
(not available)
CVE-2014-10382

The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.

Published: August 22, 2019; 04:15:10 PM -04:00
(not available)
CVE-2013-7483

The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.

Published: August 22, 2019; 04:15:10 PM -04:00
(not available)