National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,723 matching records.
Displaying matches 2041 through 2060.
Vuln ID Summary CVSS Severity
CVE-2014-4556

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4545

Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4538

Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4533

Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4528

Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4521

Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4520

Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4518

Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4516

Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4515

Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4513

Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

Published: July 01, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4030

Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.

Published: June 25, 2014; 04:55:07 PM -04:00
    V2: 6.8 MEDIUM
CVE-2014-3882

Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.

Published: June 25, 2014; 07:19:22 AM -04:00
    V2: 6.8 MEDIUM
CVE-2012-2580

Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.

Published: June 20, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2012-2579

Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.

Published: June 20, 2014; 10:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4155

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.

Published: June 19, 2014; 10:55:08 AM -04:00
    V2: 6.8 MEDIUM
CVE-2012-2572

Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.

Published: June 19, 2014; 10:55:07 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4163

Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.

Published: June 16, 2014; 02:55:09 PM -04:00
    V2: 6.8 MEDIUM
CVE-2014-3850

Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.

Published: June 11, 2014; 10:55:08 AM -04:00
    V2: 6.8 MEDIUM
CVE-2014-4017

Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.

Published: June 10, 2014; 10:55:10 AM -04:00
    V2: 4.3 MEDIUM