National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 1,889 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2019-13413

The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.

Published: July 08, 2019; 10:15:10 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-13379

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

Published: July 07, 2019; 12:15:10 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2019-13344

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.

Published: July 05, 2019; 12:15:11 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-5984

Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:13 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5983

Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5980

Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5979

Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5974

Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5973

Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5972

Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5971

Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5970

Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 05, 2019; 10:15:12 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5963

Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: July 05, 2019; 10:15:11 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-5962

Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 05, 2019; 10:15:11 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-13275

An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.

Published: July 04, 2019; 03:15:10 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12570

A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters.

Published: July 03, 2019; 02:15:10 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2018-11686

The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.

Published: July 03, 2019; 01:15:09 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-12826

A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.

Published: July 01, 2019; 02:15:11 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-12346

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.

Published: June 24, 2019; 05:15:12 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-10271

An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.

Published: June 24, 2019; 03:15:10 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM