National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,193 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2017-18542

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.

Published: August 16, 2019; 05:15:10 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS.

Published: August 16, 2019; 05:15:10 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9323

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9322

The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.

Published: August 16, 2019; 05:15:10 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2014-10376

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.

Published: August 16, 2019; 05:15:10 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-18548

The note-press plugin before 0.1.2 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-10904

The olimometer plugin before 2.57 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9326

The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-9325

The visitors-online plugin before 0.4 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-14789

The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.

Published: August 15, 2019; 12:15:12 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-14788

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

Published: August 15, 2019; 12:15:12 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2019-14786

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.

Published: August 15, 2019; 12:15:12 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-14784

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.

Published: August 15, 2019; 12:15:12 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-13578

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.

Published: August 15, 2019; 12:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.

Published: August 15, 2019; 11:15:15 AM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-14795

The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.

Published: August 15, 2019; 11:15:14 AM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2019-14790

The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,

Published: August 15, 2019; 11:15:14 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-14216

An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.

Published: August 14, 2019; 05:15:13 PM -04:00
(not available)
CVE-2018-20968

The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.

Published: August 14, 2019; 12:15:12 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM