National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,046 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2016-10904

The olimometer plugin before 2.57 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
(not available)
CVE-2015-9326

The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
(not available)
CVE-2015-9325

The visitors-online plugin before 0.4 for WordPress has SQL injection.

Published: August 16, 2019; 10:15:09 AM -04:00
(not available)
CVE-2019-14789

The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.

Published: August 15, 2019; 12:15:12 PM -04:00
(not available)
CVE-2019-14788

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

Published: August 15, 2019; 12:15:12 PM -04:00
(not available)
CVE-2019-14786

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.

Published: August 15, 2019; 12:15:12 PM -04:00
(not available)
CVE-2019-14784

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.

Published: August 15, 2019; 12:15:12 PM -04:00
(not available)
CVE-2019-13578

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.

Published: August 15, 2019; 12:15:11 PM -04:00
(not available)
CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.

Published: August 15, 2019; 11:15:15 AM -04:00
(not available)
CVE-2019-14795

The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.

Published: August 15, 2019; 11:15:14 AM -04:00
(not available)
CVE-2019-14790

The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,

Published: August 15, 2019; 11:15:14 AM -04:00
(not available)
CVE-2019-14216

An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.

Published: August 14, 2019; 05:15:13 PM -04:00
(not available)
CVE-2018-20968

The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.

Published: August 14, 2019; 12:15:12 PM -04:00
(not available)
CVE-2018-20967

The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.

Published: August 14, 2019; 12:15:12 PM -04:00
(not available)
CVE-2017-18513

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.

Published: August 14, 2019; 12:15:12 PM -04:00
(not available)
CVE-2017-18512

The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.

Published: August 14, 2019; 12:15:12 PM -04:00
(not available)
CVE-2017-18511

The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.

Published: August 14, 2019; 12:15:12 PM -04:00
(not available)
CVE-2017-18510

The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.

Published: August 14, 2019; 12:15:12 PM -04:00
(not available)
CVE-2016-10888

The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.

Published: August 14, 2019; 12:15:12 PM -04:00
(not available)
CVE-2016-10887

The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.

Published: August 14, 2019; 12:15:11 PM -04:00
(not available)