National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,503 matching records.
Displaying matches 1681 through 1700.
Vuln ID Summary CVSS Severity
CVE-2014-2995

Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.

Published: October 17, 2014; 06:55:04 PM -04:00
    V2: 3.5 LOW
CVE-2014-2559

Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php.

Published: October 17, 2014; 06:55:04 PM -04:00
    V2: 6.8 MEDIUM
CVE-2014-7181

Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.

Published: October 16, 2014; 03:55:14 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-7138

Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.

Published: October 16, 2014; 03:55:14 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-6312

Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.

Published: October 15, 2014; 10:55:08 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-6313

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.

Published: October 14, 2014; 10:55:06 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-7297

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.

Published: October 13, 2014; 06:55:08 AM -04:00
    V2: 10.0 HIGH
CVE-2014-7139

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.

Published: October 10, 2014; 10:55:08 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-6315

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.

Published: October 10, 2014; 10:55:08 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-6243

Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.

Published: October 10, 2014; 10:55:08 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-5389

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.

Published: October 06, 2014; 10:55:10 AM -04:00
    V2: 7.5 HIGH
CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

Published: October 02, 2014; 10:55:04 AM -04:00
    V2: 6.5 MEDIUM
CVE-2011-4624

Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

Published: October 01, 2014; 10:55:09 AM -04:00
    V2: 4.3 MEDIUM
CVE-2003-1598

SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

Published: October 01, 2014; 10:55:08 AM -04:00
    V2: 7.5 HIGH
CVE-2014-7152

Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.

Published: September 26, 2014; 05:55:07 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.

Published: September 26, 2014; 05:55:07 PM -04:00
    V2: 7.5 HIGH
CVE-2014-6445

Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.

Published: September 26, 2014; 05:55:07 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-5324

Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.

Published: September 26, 2014; 06:55:04 AM -04:00
    V2: 6.5 MEDIUM
CVE-2014-7153

SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.

Published: September 22, 2014; 10:55:02 AM -04:00
    V2: 6.5 MEDIUM
CVE-2012-2583

Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Published: September 17, 2014; 10:55:03 AM -04:00
    V2: 4.3 MEDIUM