U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 10,584 matching records.
Displaying matches 9,301 through 9,320.
Vuln ID Summary CVSS Severity
CVE-2016-10705

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

Published: January 12, 2018; 2:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-5315

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.

Published: January 12, 2018; 12:29:01 PM -0500 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5374

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).

Published: January 12, 2018; 4:29:02 AM -0500 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-5373

The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).

Published: January 12, 2018; 4:29:02 AM -0500 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-5372

The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-5369

The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5368

The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5367

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5366

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5365

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5364

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5363

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5362

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.

Published: January 12, 2018; 4:29:01 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5361

The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.

Published: January 12, 2018; 4:29:00 AM -0500 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.

Published: January 09, 2018; 5:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-5312

The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php.

Published: January 09, 2018; 12:29:00 AM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5311

The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.

Published: January 09, 2018; 12:29:00 AM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-5310

In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.

Published: January 09, 2018; 12:29:00 AM -0500 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2014-4972

Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms.

Published: January 08, 2018; 2:29:00 PM -0500 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5293

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.

Published: January 08, 2018; 2:29:00 AM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM