National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 2,799 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2019-19597

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

Published: December 04, 2019; 11:15:11 PM -05:00
V3.1: 8.8 HIGH
    V2: 8.3 HIGH
CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.

Published: December 04, 2019; 11:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-19133

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks.

Published: December 04, 2019; 02:15:11 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-19129

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.

Published: November 26, 2019; 11:15:13 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-19306

The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.

Published: November 26, 2019; 10:15:13 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2015-9539

The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.

Published: November 26, 2019; 10:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9538

The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.

Published: November 26, 2019; 10:15:11 AM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2015-9537

The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.

Published: November 26, 2019; 10:15:11 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2012-6079

W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys.

Published: November 22, 2019; 02:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2012-6078

W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes.

Published: November 22, 2019; 02:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2012-6077

W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files.

Published: November 22, 2019; 02:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-14467

The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.

Published: November 18, 2019; 11:15:11 AM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-17550

The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.

Published: November 13, 2019; 04:15:12 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17515

The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.

Published: November 13, 2019; 04:15:12 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14366

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).

Published: November 12, 2019; 04:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-14365

The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).

Published: November 12, 2019; 04:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-17237

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.

Published: November 12, 2019; 12:15:10 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-17236

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.

Published: November 12, 2019; 12:15:10 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17235

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.

Published: November 12, 2019; 12:15:10 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-17234

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.

Published: November 12, 2019; 12:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 6.4 MEDIUM