National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,707 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2016-10986

The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.

Published: September 17, 2019; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10985

The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.

Published: September 17, 2019; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10984

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.

Published: September 17, 2019; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10983

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.

Published: September 17, 2019; 11:15:12 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-10982

The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10981

The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10980

The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10979

The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10978

The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10977

The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-10976

The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10975

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10974

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.

Published: September 17, 2019; 11:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10973

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.

Published: September 16, 2019; 01:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10972

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.

Published: September 16, 2019; 01:15:10 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10971

The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10970

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10969

The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10968

The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10967

The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM