National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,606 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2017-18599

The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter.

Published: September 10, 2019; 07:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18598

The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.

Published: September 10, 2019; 07:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18597

The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.

Published: September 10, 2019; 07:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-18596

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.

Published: September 10, 2019; 07:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-15895

search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes.

Published: September 09, 2019; 09:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-21014

The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.

Published: September 09, 2019; 09:15:11 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2018-21013

The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.

Published: September 09, 2019; 09:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-21012

The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.

Published: September 09, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-21011

The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.

Published: September 09, 2019; 09:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-16120

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.

Published: September 08, 2019; 07:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-16119

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

Published: September 08, 2019; 07:15:10 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-16118

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

Published: September 08, 2019; 07:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16117

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.

Published: September 08, 2019; 07:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14470

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.

Published: September 04, 2019; 04:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.

Published: September 03, 2019; 02:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.

Published: September 03, 2019; 09:15:11 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-15872

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.

Published: September 03, 2019; 09:15:11 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15871

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.

Published: September 03, 2019; 09:15:10 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-15870

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.

Published: September 03, 2019; 08:15:11 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-15869

The JobCareer theme before 2.5.1 for WordPress has stored XSS.

Published: September 03, 2019; 08:15:11 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW