National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,797 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2015-9423

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.

Published: September 25, 2019; 09:15:10 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2015-9422

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.

Published: September 25, 2019; 09:15:10 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9421

The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.

Published: September 25, 2019; 09:15:10 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9420

The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.

Published: September 25, 2019; 09:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9419

The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.

Published: September 25, 2019; 09:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9418

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 5.8 MEDIUM
CVE-2015-9417

The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9416

The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9415

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9414

The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9413

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9412

The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9411

The Postmatic plugin before 1.4.6 for WordPress has XSS.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9410

The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.

Published: September 25, 2019; 08:15:10 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2015-9409

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.

Published: September 25, 2019; 01:15:10 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9406

Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.

Published: September 20, 2019; 04:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2014-10397

The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.

Published: September 20, 2019; 04:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2014-10396

The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.

Published: September 20, 2019; 04:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9408

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9407

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM