National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,503 matching records.
Displaying matches 1741 through 1760.
Vuln ID Summary CVSS Severity
CVE-2014-4018

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

Published: July 16, 2014; 10:19:03 AM -04:00
    V2: 7.8 HIGH
CVE-2014-4944

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.

Published: July 14, 2014; 10:55:07 AM -04:00
    V2: 6.5 MEDIUM
CVE-2014-4942

The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.

Published: July 11, 2014; 04:55:03 PM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4941

Absolute path traversal vulnerability in the Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.

Published: July 11, 2014; 04:55:03 PM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4940

Multiple directory traversal vulnerabilities in the Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.

Published: July 11, 2014; 04:55:03 PM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4939

SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.

Published: July 11, 2014; 04:55:03 PM -04:00
    V2: 6.5 MEDIUM
CVE-2014-4938

SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.

Published: July 11, 2014; 04:55:03 PM -04:00
    V2: 7.5 HIGH
CVE-2014-4937

Directory traversal vulnerability in includes/bookx_export.php in the BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Published: July 11, 2014; 04:55:03 PM -04:00
    V2: 5.0 MEDIUM
CVE-2014-4856

Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information.

Published: July 10, 2014; 12:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4855

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.

Published: July 10, 2014; 12:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4854

Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.

Published: July 10, 2014; 12:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4848

Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php.

Published: July 10, 2014; 12:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4847

Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php.

Published: July 10, 2014; 12:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4846

Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.

Published: July 10, 2014; 10:55:04 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4845

Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.

Published: July 10, 2014; 10:55:04 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4724

Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php.

Published: July 07, 2014; 10:55:04 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4723

Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general.php.

Published: July 07, 2014; 10:55:04 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4717

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.

Published: July 03, 2014; 10:55:09 AM -04:00
    V2: 6.8 MEDIUM
CVE-2014-4606

Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs_sid parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4597

Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM