National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 1,836 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.

Published: December 14, 2018; 05:29:00 PM -05:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2018-20155

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.

Published: December 14, 2018; 05:29:00 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20154

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.

Published: December 14, 2018; 05:29:00 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20153

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

Published: December 14, 2018; 03:29:00 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20152

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.

Published: December 14, 2018; 03:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20151

In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.

Published: December 14, 2018; 03:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-20150

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Published: December 14, 2018; 03:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20149

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

Published: December 14, 2018; 03:29:00 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.

Published: December 14, 2018; 03:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20147

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.

Published: December 14, 2018; 03:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 5.5 MEDIUM
CVE-2018-20138

PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541.

Published: December 13, 2018; 01:29:00 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20101

The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.

Published: December 12, 2018; 11:29:01 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-1002009

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002008

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002007

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002006

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002005

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002004

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002003

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-1002002

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Published: December 03, 2018; 11:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW