National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 1,810 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-11223

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

Published: April 18, 2019; 02:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18019

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

Published: April 15, 2019; 05:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18018

SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

Published: April 15, 2019; 05:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18017

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

Published: April 15, 2019; 05:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16967

There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

Published: April 15, 2019; 05:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16966

There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

Published: April 15, 2019; 05:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-17586

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.

Published: April 15, 2019; 04:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-17585

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.

Published: April 15, 2019; 04:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-17584

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

Published: April 15, 2019; 04:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-17583

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.

Published: April 15, 2019; 04:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16259

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit.

Published: April 12, 2019; 03:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16258

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type.

Published: April 12, 2019; 03:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16257

There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template.

Published: April 12, 2019; 03:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16256

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule).

Published: April 12, 2019; 02:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16255

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate.

Published: April 12, 2019; 02:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16254

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options.

Published: April 12, 2019; 02:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-13137

The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.

Published: April 12, 2019; 02:29:00 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2019-6117

The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.

Published: April 09, 2019; 02:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-10673

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress "password forget" form.

Published: April 03, 2019; 01:29:00 AM -04:00
V3: 8.8 HIGH
V2: 9.3 HIGH
CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.

Published: April 02, 2019; 02:30:20 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH