National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,721 matching records.
Displaying matches 1461 through 1480.
Vuln ID Summary CVSS Severity
CVE-2015-3634

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.

Published: June 08, 2017; 05:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2014-9310

Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.

Published: June 07, 2017; 05:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-7314

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.

Published: June 07, 2017; 09:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-7313

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required.

Published: June 07, 2017; 09:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-7312

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).

Published: June 07, 2017; 09:29:00 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-9420

Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.

Published: June 05, 2017; 03:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-9337

The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.

Published: June 01, 2017; 01:29:00 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-9336

The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.

Published: June 01, 2017; 01:29:00 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-9288

The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).

Published: May 29, 2017; 12:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-5682

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.

Published: May 23, 2017; 12:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-5609

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

Published: May 23, 2017; 12:29:00 AM -04:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2015-5469

Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.

Published: May 23, 2017; 12:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-5468

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.

Published: May 23, 2017; 12:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-4704

Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.

Published: May 23, 2017; 12:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-4455

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.

Published: May 23, 2017; 12:29:00 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-2169

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 22, 2017; 12:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-2168

Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 22, 2017; 12:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-9066

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

Published: May 18, 2017; 10:29:00 AM -04:00
V3.0: 8.6 HIGH
    V2: 5.0 MEDIUM
CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

Published: May 18, 2017; 10:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-9064

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

Published: May 18, 2017; 10:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM