National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,611 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2016-10955

The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.

Published: September 13, 2019; 09:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10954

The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.

Published: September 13, 2019; 09:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10953

The Headway theme before 3.8.9 for WordPress has XSS via the license key field.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10952

The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10951

The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10950

The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10949

The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10948

The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10947

The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10946

The wp-d3 plugin before 2.4.1 for WordPress has CSRF.

Published: September 13, 2019; 09:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18615

The kama-clic-counter plugin before 3.5.0 for WordPress has XSS.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18614

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 8.1 HIGH
    V2: 9.3 HIGH
CVE-2017-18613

The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18612

The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10945

The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10944

The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10943

The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10942

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10941

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10940

The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM