National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,926 matching records.
Displaying matches 1721 through 1740.
Vuln ID Summary CVSS Severity
CVE-2017-6573

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6572

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6571

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6570

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6104

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.

Published: March 02, 2017; 05:59:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-6103

Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.

Published: March 02, 2017; 05:59:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-6102

Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.

Published: March 02, 2017; 05:59:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-8636

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.

Published: February 22, 2017; 11:59:00 AM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-6098

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.

Published: February 21, 2017; 02:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6097

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.

Published: February 21, 2017; 02:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6096

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.

Published: February 21, 2017; 02:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6095

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.

Published: February 21, 2017; 02:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-5942

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.

Published: February 10, 2017; 02:59:00 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-5940

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.

Published: February 09, 2017; 01:59:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 4.6 MEDIUM
CVE-2017-5180

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

Published: February 09, 2017; 01:59:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 4.6 MEDIUM
CVE-2017-5612

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.

Published: January 29, 2017; 11:59:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-5611

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

Published: January 29, 2017; 11:59:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-5610

wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.

Published: January 29, 2017; 11:59:00 PM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-0769

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.

Published: January 23, 2017; 04:59:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-0765

Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.

Published: January 23, 2017; 04:59:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM