Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): XSS Wordpress
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-7413 |
In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.) Published: February 05, 2019; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19041 |
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. Published: January 31, 2019; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-6267 |
The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. Published: January 14, 2019; 7:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10736 |
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter. Published: January 09, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20368 |
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. Published: December 22, 2018; 9:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-14846 |
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. Published: December 20, 2018; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-20153 |
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. Published: December 14, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-20150 |
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. Published: December 14, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20149 |
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. Published: December 14, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-20101 |
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. Published: December 12, 2018; 11:29:01 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-1002009 |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. Published: December 03, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1002008 |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. Published: December 03, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1002007 |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. Published: December 03, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1002004 |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Published: December 03, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1002003 |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Published: December 03, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1002002 |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Published: December 03, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1002001 |
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Published: December 03, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19564 |
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. Published: November 26, 2018; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19287 |
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter. Published: November 15, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18919 |
The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. Published: November 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |