National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,927 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2015-5483

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.

Published: January 28, 2020; 03:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2013-2714

Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.

Published: January 28, 2020; 03:15:11 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-4462

WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability

Published: January 27, 2020; 10:15:11 AM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2013-0286

Pinboard 1.0.6 theme for Wordpress has XSS.

Published: January 27, 2020; 10:15:11 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2013-1744

IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.

Published: January 25, 2020; 02:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2012-6649

WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.

Published: January 23, 2020; 05:15:09 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-7238

The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS

Published: January 23, 2020; 10:15:13 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-4919

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

Published: January 22, 2020; 02:15:10 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-7109

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.

Published: January 22, 2020; 12:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-7228

The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.

Published: January 22, 2020; 10:15:11 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-6849

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS.

Published: January 21, 2020; 02:15:14 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-11018

An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().

Published: January 21, 2020; 02:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-7239

The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent.

Published: January 21, 2020; 12:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-7241

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.

Published: January 20, 2020; 03:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-7104

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.

Published: January 17, 2020; 06:15:13 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-7048

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

Published: January 16, 2020; 04:15:12 PM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-7047

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

Published: January 16, 2020; 04:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-7108

The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.

Published: January 16, 2020; 12:15:12 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.

Published: January 16, 2020; 12:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-5484

Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.

Published: January 15, 2020; 11:15:12 AM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW