Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,254 matching records.
Displaying matches 1,901 through 1,920.
Vuln ID Summary CVSS Severity
CVE-2017-14724

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14722

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-14721

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14720

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14719

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-14718

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.

Published: September 23, 2017; 4:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-2826

WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.

Published: September 20, 2017; 2:29:00 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-4089

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.

Published: September 19, 2017; 11:29:00 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-3299

Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.

Published: September 19, 2017; 11:29:00 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14597

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.

Published: September 19, 2017; 3:29:00 AM -0400
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-14530

WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.

Published: September 17, 2017; 9:29:00 PM -0400
V3.1: 8.0 HIGH
V2.0: 6.0 MEDIUM
CVE-2017-1002028

Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.

Published: September 14, 2017; 9:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-1002027

Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.

Published: September 14, 2017; 9:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-1002026

Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.

Published: September 14, 2017; 9:29:01 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-1002025

Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.

Published: September 14, 2017; 9:29:01 AM -0400
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-1002023

Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php

Published: September 14, 2017; 9:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-1002022

Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.

Published: September 14, 2017; 9:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-1002021

Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.

Published: September 14, 2017; 9:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-1002020

Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.

Published: September 14, 2017; 9:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH