National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 1,889 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2018-11366

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.

Published: May 22, 2018; 09:29:00 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-11244

The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.

Published: May 18, 2018; 01:29:00 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-11105

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.

Published: May 15, 2018; 11:29:00 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-0590

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.

Published: May 14, 2018; 09:29:03 AM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-0589

Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.

Published: May 14, 2018; 09:29:03 AM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-0588

Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
V3: 7.5 HIGH
V2: 6.4 MEDIUM
CVE-2018-0587

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-0586

Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-0585

Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:02 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-0579

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:01 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-0578

Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:01 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-0577

Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:00 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-0576

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 14, 2018; 09:29:00 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-10752

The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.

Published: May 04, 2018; 10:29:00 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-10371

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.

Published: May 01, 2018; 09:29:00 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-1000172

Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.

Published: April 30, 2018; 06:29:00 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-10573

interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.

Published: April 30, 2018; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2018-10572

interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.

Published: April 30, 2018; 01:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 5.5 MEDIUM
CVE-2018-10571

Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php.

Published: April 30, 2018; 01:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

Published: April 27, 2018; 12:29:00 PM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM