Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,254 matching records.
Displaying matches 1,881 through 1,900.
Vuln ID Summary CVSS Severity
CVE-2017-14848

WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.

Published: October 02, 2017; 9:29:02 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-7357

Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.

Published: October 02, 2017; 9:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9234

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.

Published: September 29, 2017; 9:29:00 PM -0400
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-9233

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

Published: September 29, 2017; 9:29:00 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14507

Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.

Published: September 28, 2017; 9:34:49 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-2551

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

Published: September 27, 2017; 9:29:02 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-14847

Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 9:29:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-14846

Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 9:29:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-14845

Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 9:29:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-14844

Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

Published: September 27, 2017; 9:29:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-14843

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 9:29:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-14842

Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 9:29:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-14622

Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.

Published: September 27, 2017; 9:29:01 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14766

The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.

Published: September 27, 2017; 4:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 6.4 MEDIUM
CVE-2017-14760

SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.

Published: September 27, 2017; 4:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14751

The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.

Published: September 26, 2017; 6:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-7670

Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.

Published: September 26, 2017; 11:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14125

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.

Published: September 25, 2017; 1:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14726

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14725

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 4.9 MEDIUM