) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-1000128 |
Reflected XSS in wordpress plugin anti-plagiarism v3.60 Published: October 10, 2016; 4:59:03 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1000127 |
Reflected XSS in wordpress plugin ajax-random-post v2.00 Published: October 10, 2016; 4:59:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1000126 |
Reflected XSS in wordpress plugin admin-font-editor v1.8 Published: October 10, 2016; 4:59:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1000217 |
Zotpress plugin for WordPress SQLi in zp_get_account() Published: October 06, 2016; 10:59:24 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-1000112 |
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin Published: October 06, 2016; 10:59:18 AM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 9.4 HIGH |
| CVE-2015-1000013 |
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 Published: October 06, 2016; 10:59:14 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-1000012 |
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin Published: October 06, 2016; 10:59:13 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-1000011 |
Blind SQL Injection in wordpress plugin dukapress v2.5.9 Published: October 06, 2016; 10:59:12 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2015-1000010 |
Remote file download in simple-image-manipulator v1.0 wordpress plugin Published: October 06, 2016; 10:59:11 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-1000009 |
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 Published: October 06, 2016; 10:59:10 AM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2015-1000008 |
Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 Published: October 06, 2016; 10:59:09 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2015-1000006 |
Remote file download vulnerability in recent-backups v0.7 wordpress plugin Published: October 06, 2016; 10:59:07 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-1000005 |
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin Published: October 06, 2016; 10:59:05 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-1000004 |
XSS in filedownload v1.4 wordpress plugin Published: October 06, 2016; 10:59:04 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-1000003 |
Blind SQL Injection in filedownload v1.4 wordpress plugin Published: October 06, 2016; 10:59:03 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2015-1000002 |
Open Proxy in filedownload v1.4 wordpress plugin Published: October 06, 2016; 10:59:02 AM -0400 |
V4.0:(not available) V3.0: 8.2 HIGH V2.0: 5.8 MEDIUM |
| CVE-2015-1000001 |
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin Published: October 06, 2016; 10:59:01 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
| CVE-2015-1000000 |
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Published: October 06, 2016; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
| CVE-2016-6635 |
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. Published: August 07, 2016; 12:59:17 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-6634 |
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: August 07, 2016; 12:59:15 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |