National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,707 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2015-9498

The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.

Published: October 22, 2019; 05:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2015-9497

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.

Published: October 22, 2019; 05:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2015-9496

The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.

Published: October 22, 2019; 05:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9495

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.

Published: October 22, 2019; 04:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9494

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.

Published: October 22, 2019; 04:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9493

The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.

Published: October 22, 2019; 04:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16974

In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

Published: October 21, 2019; 05:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16969

In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

Published: October 21, 2019; 05:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16970

In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.

Published: October 21, 2019; 04:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16968

An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.

Published: October 21, 2019; 04:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.

Published: October 21, 2019; 04:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16966

An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.

Published: October 21, 2019; 03:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16965

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

Published: October 21, 2019; 03:15:10 PM -04:00
V3.1: 7.2 HIGH
    V2: 9.0 HIGH
CVE-2019-16964

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.

Published: October 21, 2019; 03:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2019-16991

In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.

Published: October 21, 2019; 12:15:18 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16989

In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.

Published: October 21, 2019; 12:15:18 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16988

In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

Published: October 21, 2019; 12:15:18 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16987

In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

Published: October 21, 2019; 12:15:18 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16986

In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)

Published: October 21, 2019; 12:15:18 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-16985

In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.

Published: October 21, 2019; 12:15:18 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 8.5 HIGH