National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): wordpress
There are 2,667 matching records.
Displaying matches 1681 through 1700.
Vuln ID Summary CVSS Severity
CVE-2015-2220

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.

Published: March 05, 2015; 11:59:02 AM -05:00
    V2: 4.3 MEDIUM
CVE-2015-2218

Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

Published: March 05, 2015; 11:59:01 AM -05:00
    V2: 4.3 MEDIUM
CVE-2014-9688

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

Published: March 05, 2015; 11:59:00 AM -05:00
    V2: 7.5 HIGH
CVE-2015-2216

SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.

Published: March 05, 2015; 10:59:02 AM -05:00
    V2: 7.5 HIGH
CVE-2015-2199

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

Published: March 03, 2015; 02:59:05 PM -05:00
    V2: 6.5 MEDIUM
CVE-2015-2196

SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.

Published: March 03, 2015; 02:59:02 PM -05:00
    V2: 7.5 HIGH
CVE-2015-2195

Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.

Published: March 03, 2015; 02:59:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2015-2194

Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors.

Published: March 03, 2015; 02:59:00 PM -05:00
    V2: 6.5 MEDIUM
CVE-2015-0890

The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

Published: March 03, 2015; 06:59:04 AM -05:00
    V2: 5.0 MEDIUM
CVE-2014-9283

The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

Published: March 03, 2015; 06:59:01 AM -05:00
    V2: 5.0 MEDIUM
CVE-2015-2090

SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

Published: February 26, 2015; 10:59:04 AM -05:00
    V2: 7.5 HIGH
CVE-2015-2089

Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php.

Published: February 26, 2015; 10:59:03 AM -05:00
    V2: 6.8 MEDIUM
CVE-2015-2084

Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.

Published: February 25, 2015; 05:59:04 PM -05:00
    V2: 6.8 MEDIUM
CVE-2015-2069

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.

Published: February 24, 2015; 12:59:05 PM -05:00
    V2: 4.3 MEDIUM
CVE-2015-2065

SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.

Published: February 24, 2015; 12:59:01 PM -05:00
    V2: 7.5 HIGH
CVE-2015-2040

Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.

Published: February 20, 2015; 11:59:09 AM -05:00
    V2: 4.3 MEDIUM
CVE-2015-2039

Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php.

Published: February 20, 2015; 11:59:08 AM -05:00
    V2: 6.8 MEDIUM
CVE-2015-1879

Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php.

Published: February 19, 2015; 10:59:20 AM -05:00
    V2: 4.3 MEDIUM
CVE-2015-1614

Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page.

Published: February 19, 2015; 10:59:19 AM -05:00
    V2: 6.8 MEDIUM
CVE-2015-1494

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015.

Published: February 17, 2015; 10:59:05 AM -05:00
    V2: 4.3 MEDIUM