National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,970 matching records.
Displaying matches 1121 through 1140.
Vuln ID Summary CVSS Severity
CVE-2016-10936

The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.

Published: August 27, 2019; 09:15:10 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9352

The wp-polls plugin before 2.72 for WordPress has SQL injection.

Published: August 27, 2019; 09:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-9351

The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button.

Published: August 27, 2019; 09:15:09 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-9350

The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.

Published: August 27, 2019; 09:15:09 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9348

The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.

Published: August 27, 2019; 09:15:09 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-15659

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.

Published: August 27, 2019; 08:15:13 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15649

The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.

Published: August 27, 2019; 08:15:13 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-15648

The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber.

Published: August 27, 2019; 08:15:13 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 5.5 MEDIUM
CVE-2019-15647

The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-15646

The rsvpmaker plugin before 6.2 for WordPress has SQL injection.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15645

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15644

The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15643

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13237

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-13236

In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13235

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13234

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-21006

The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-21005

The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-21004

The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.

Published: August 27, 2019; 08:15:12 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH