National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,795 matching records.
Displaying matches 1581 through 1600.
Vuln ID Summary CVSS Severity
CVE-2017-6817

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

Published: March 11, 2017; 08:59:00 PM -05:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2017-6816

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

Published: March 11, 2017; 08:59:00 PM -05:00
V3.0: 4.9 MEDIUM
    V2: 5.5 MEDIUM
CVE-2017-6815

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.

Published: March 11, 2017; 08:59:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.

Published: March 11, 2017; 08:59:00 PM -05:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2017-6578

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6577

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6576

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6575

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6574

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6573

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6572

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6571

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6570

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.

Published: March 09, 2017; 04:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6104

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.

Published: March 02, 2017; 05:59:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-6103

Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.

Published: March 02, 2017; 05:59:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-6102

Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.

Published: March 02, 2017; 05:59:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-8636

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.

Published: February 22, 2017; 11:59:00 AM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-6098

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.

Published: February 21, 2017; 02:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6097

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.

Published: February 21, 2017; 02:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-6096

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.

Published: February 21, 2017; 02:59:00 AM -05:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM