National Vulnerability Database


Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 1,716 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.

Published: December 14, 2018; 05:29:00 PM -05:00
(not available)
CVE-2018-20155

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.

Published: December 14, 2018; 05:29:00 PM -05:00
(not available)
CVE-2018-20154

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.

Published: December 14, 2018; 05:29:00 PM -05:00
(not available)
CVE-2018-20153

In WordPress versions before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

Published: December 14, 2018; 03:29:00 PM -05:00
(not available)
CVE-2018-20152

In WordPress versions before 5.0.1, authors could bypass intended restrictions on post types via crafted input.

Published: December 14, 2018; 03:29:00 PM -05:00
(not available)
CVE-2018-20151

In WordPress versions before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.

Published: December 14, 2018; 03:29:00 PM -05:00
(not available)
CVE-2018-20150

In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Published: December 14, 2018; 03:29:00 PM -05:00
(not available)
CVE-2018-20149

In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.

Published: December 14, 2018; 03:29:00 PM -05:00
(not available)
CVE-2018-20148

In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata.

Published: December 14, 2018; 03:29:00 PM -05:00
(not available)
CVE-2018-20147

In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.

Published: December 14, 2018; 03:29:00 PM -05:00
(not available)
CVE-2018-20138

PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541.

Published: December 13, 2018; 01:29:00 PM -05:00
(not available)
CVE-2018-20101

The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.

Published: December 12, 2018; 11:29:01 AM -05:00
(not available)
CVE-2018-1002009

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email variable.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-1002008

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-1002007

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-1002006

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-1002005

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-1002004

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-1002003

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)
CVE-2018-1002002

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
(not available)