National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,720 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2015-9488

The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 03:15:09 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9487

The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 03:15:09 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9486

The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 03:15:09 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9485

The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9484

The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9483

The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9482

The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9481

The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-17386

The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.

Published: October 10, 2019; 05:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2015-9480

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.

Published: October 10, 2019; 01:15:16 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9479

The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.

Published: October 10, 2019; 01:15:16 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-9477

The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9476

The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9475

The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9474

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9473

The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9472

The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9471

The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-9470

The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-9469

The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.

Published: October 10, 2019; 01:15:15 PM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW