National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,619 matching records.
Displaying matches 1881 through 1900.
Vuln ID Summary CVSS Severity
CVE-2014-4563

Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4555

Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4554

Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4549

Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4546

Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4534

Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter.

Published: July 02, 2014; 04:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4605

Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Published: July 02, 2014; 02:55:11 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4604

Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter.

Published: July 02, 2014; 02:55:11 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4603

Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter.

Published: July 02, 2014; 02:55:11 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4601

Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter.

Published: July 02, 2014; 02:55:11 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4600

Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter.

Published: July 02, 2014; 02:55:11 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4599

Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4598

Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4596

Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4595

Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4594

Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4593

Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4590

Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4589

Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4588

Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter.

Published: July 02, 2014; 02:55:10 PM -04:00
    V2: 4.3 MEDIUM