National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): WordPress
  • Search Type: Search All
There are 2,046 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-15116

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.

Published: August 16, 2019; 05:15:13 PM -04:00
(not available)
CVE-2019-15115

The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.

Published: August 16, 2019; 05:15:13 PM -04:00
(not available)
CVE-2019-15114

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

Published: August 16, 2019; 05:15:13 PM -04:00
(not available)
CVE-2019-15113

The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.

Published: August 16, 2019; 05:15:13 PM -04:00
(not available)
CVE-2018-20974

The js-jobs plugin before 1.0.7 for WordPress has CSRF.

Published: August 16, 2019; 05:15:11 PM -04:00
(not available)
CVE-2018-20973

The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.

Published: August 16, 2019; 05:15:11 PM -04:00
(not available)
CVE-2018-20972

The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.

Published: August 16, 2019; 05:15:11 PM -04:00
(not available)
CVE-2018-20971

The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.

Published: August 16, 2019; 05:15:11 PM -04:00
(not available)
CVE-2017-18547

The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.

Published: August 16, 2019; 05:15:11 PM -04:00
(not available)
CVE-2017-18546

The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2017-18545

The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2017-18544

The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2017-18543

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2017-18542

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2015-9323

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2015-9322

The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2014-10376

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
(not available)
CVE-2017-18548

The note-press plugin before 0.1.2 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH