National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 1,881 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2018-1002005

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002004

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002003

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002002

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002001

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002000

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2018-19796

An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.

Published: December 03, 2018; 01:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 5.8 MEDIUM
CVE-2018-19370

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.

Published: November 28, 2018; 05:29:00 PM -05:00
V3: 6.6 MEDIUM
V2: 6.0 MEDIUM
CVE-2018-19564

Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.

Published: November 26, 2018; 01:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19287

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.

Published: November 15, 2018; 01:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19207

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.

Published: November 12, 2018; 12:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18919

The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area.

Published: November 04, 2018; 01:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.

Published: October 25, 2018; 08:29:00 PM -04:00
V3: 4.3 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18398

Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.

Published: October 19, 2018; 06:29:01 PM -04:00
V3: 4.7 MEDIUM
V2: 1.9 LOW
CVE-2018-18461

The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.

Published: October 18, 2018; 02:29:01 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18460

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.

Published: October 18, 2018; 02:29:01 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18373

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.

Published: October 17, 2018; 10:29:01 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-7633

Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request.

Published: October 09, 2018; 06:29:02 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7632

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL.

Published: October 09, 2018; 06:29:01 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-7631

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication.

Published: October 09, 2018; 06:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH