National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,699 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2017-18613

The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18612

The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10945

The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10944

The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10943

The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.

Published: September 13, 2019; 08:15:11 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10942

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10941

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10940

The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10939

The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10938

The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.

Published: September 13, 2019; 08:15:10 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5992

Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: September 12, 2019; 01:15:14 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-16250

includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence.

Published: September 11, 2019; 07:15:14 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-14936

Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).

Published: September 11, 2019; 03:15:11 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-16223

WordPress before 5.2.3 allows XSS in post previews by authenticated users.

Published: September 11, 2019; 10:15:12 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-16222

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

Published: September 11, 2019; 10:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16221

WordPress before 5.2.3 allows reflected XSS in the dashboard.

Published: September 11, 2019; 10:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16220

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.

Published: September 11, 2019; 10:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2019-16219

WordPress before 5.2.3 allows XSS in shortcode previews.

Published: September 11, 2019; 10:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16218

WordPress before 5.2.3 allows XSS in stored comments.

Published: September 11, 2019; 10:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16217

WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.

Published: September 11, 2019; 10:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM