National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,996 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2015-9396

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9395

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9394

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2015-9393

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2015-9392

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-16642

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.

Published: September 20, 2019; 11:15:14 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-11013

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-11012

The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2016-11011

The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-11010

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11009

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11008

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11007

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11006

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11005

The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-11004

The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-11003

The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-11002

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-11000

The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH