National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): wordpress
  • Search Type: Search All
There are 2,795 matching records.
Displaying matches 1 through 20.
Vuln ID | Summary | CVSS Severity
CVE-2020-7104

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.

Published: January 17, 2020; 06:15:13 PM -05:00
(not available)
CVE-2020-7048

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

Published: January 16, 2020; 04:15:12 PM -05:00
(not available)
CVE-2020-7047

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

Published: January 16, 2020; 04:15:12 PM -05:00
(not available)
CVE-2020-7108

The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.

Published: January 16, 2020; 12:15:12 AM -05:00
(not available)
CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.

Published: January 16, 2020; 12:15:11 AM -05:00
(not available)
CVE-2015-5484

Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.

Published: January 15, 2020; 11:15:12 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-20212

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

Published: January 13, 2020; 01:15:14 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

Published: January 13, 2020; 01:15:14 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-20210

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.

Published: January 13, 2020; 01:15:14 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

Published: January 13, 2020; 01:15:13 PM -05:00
V3.1: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.

Published: January 13, 2020; 12:15:11 PM -05:00
(not available)
CVE-2014-6059

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability.

Published: January 13, 2020; 08:15:12 AM -05:00
(not available)
CVE-2014-4561

The ultimate-weather plugin 1.0 for WordPress has XSS.

Published: January 10, 2020; 09:15:10 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2011-4595

Pretty-Link WordPress plugin 1.5.2 has XSS.

Published: January 10, 2020; 09:15:09 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-4530

flog plugin 0.1 for WordPress has XSS.

Published: January 10, 2020; 08:15:12 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-20182

The FooGallery plugin 1.8.12 for WordPress allows XSS via the post_title parameter.

Published: January 09, 2020; 05:15:13 PM -05:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2019-20181

The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter.

Published: January 09, 2020; 05:15:13 PM -05:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users.

Published: January 09, 2020; 04:15:11 PM -05:00
(not available)
CVE-2020-6168

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting).

Published: January 09, 2020; 03:15:11 PM -05:00
V3.1: 7.6 HIGH
    V2: 6.5 MEDIUM
CVE-2020-6166

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.

Published: January 09, 2020; 03:15:11 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 5.5 MEDIUM