National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): WordPress
  • Search Type: Search All
There are 2,843 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-9003

A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.

Published: February 20, 2020; 05:15:12 PM -05:00
(not available)
CVE-2014-4019

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.

Published: February 20, 2020; 01:15:11 PM -05:00
(not available)
CVE-2013-4454

WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities

Published: February 18, 2020; 09:15:12 AM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-5530

Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: February 18, 2020; 01:15:10 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-9043

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.

Published: February 17, 2020; 12:15:15 PM -05:00
V3.1: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.

Published: February 17, 2020; 11:15:28 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-9006

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on WordPress instances. (This issue has been fixed in the 3.x branch of popup-builder.)

Published: February 17, 2020; 10:15:12 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-8594

The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].

Published: February 14, 2020; 03:15:09 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2013-1401

Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.

Published: February 13, 2020; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-1400

Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.

Published: February 13, 2020; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability

Published: February 12, 2020; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-5988

A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.

Published: February 11, 2020; 01:15:16 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-3684

NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload

Published: February 11, 2020; 01:15:15 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2020-8596

participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).

Published: February 11, 2020; 07:15:21 AM -05:00
(not available)
CVE-2013-2109

WordPress plugin wp-cleanfix has Remote Code Execution

Published: February 10, 2020; 12:15:13 PM -05:00
(not available)
CVE-2013-2108

WordPress WP Cleanfix Plugin 2.4.4 has CSRF

Published: February 10, 2020; 12:15:13 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-2062

Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.

Published: February 08, 2020; 01:15:11 PM -05:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2014-8739

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.

Published: February 08, 2020; 01:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-1394

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.

Published: February 08, 2020; 12:15:11 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2013-2009

WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution

Published: February 07, 2020; 09:15:11 AM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM