National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,435 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2019-15817

The easy-property-listings plugin before 3.4 for WordPress has XSS.

Published: August 30, 2019; 09:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15816

The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.

Published: August 30, 2019; 09:15:11 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9380

The photo-gallery plugin before 1.2.42 for WordPress has CSRF.

Published: August 30, 2019; 09:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-14979

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.

Published: August 29, 2019; 03:15:13 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-14978

/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.

Published: August 29, 2019; 03:15:13 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-14977

** DISPUTED ** card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugin 1.0.7 for WordPress allows Parameter Tampering in the sign parameter, as demonstrated by purchasing an item for lower than the intended price. NOTE: The vendor disputes this vulnerability stating, "Validation is happening as expected on the data in POST body. The URL parameters are completely unused in this POST."

Published: August 29, 2019; 03:15:13 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-15781

The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.

Published: August 29, 2019; 09:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15779

The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.

Published: August 29, 2019; 09:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15778

The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.

Published: August 29, 2019; 09:15:11 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-15771

The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

Published: August 29, 2019; 09:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-15780

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15777

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-15776

The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-15775

The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-15774

The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-15773

The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-15772

The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-15770

The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15769

The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.

Published: August 29, 2019; 08:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-21007

The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.

Published: August 29, 2019; 08:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH