National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 123,025 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2016-11008

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11007

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11006

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-11005

The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-11004

The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-11003

The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-11002

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-11000

The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10999

The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter.

Published: September 20, 2019; 11:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10998

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10997

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2015-9391

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

Published: September 20, 2019; 11:15:12 AM -04:00
(not available)
CVE-2015-9389

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2015-9388

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9387

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9386

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.

Published: September 20, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9385

The quotes-and-tips plugin before 1.20 for WordPress has XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM