CVE-2015-9445
|
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
Published:
September 26, 2019; 12:15:12 AM -04:00
|
V3.1: 8.8 HIGH
V2: 6.8 MEDIUM
|
CVE-2015-9444
|
The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.
Published:
September 26, 2019; 12:15:12 AM -04:00
|
V3.1: 6.1 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9443
|
The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.
Published:
September 26, 2019; 12:15:11 AM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9442
|
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.
Published:
September 26, 2019; 12:15:11 AM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9441
|
The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.
Published:
September 26, 2019; 12:15:11 AM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9440
|
The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.
Published:
September 26, 2019; 12:15:11 AM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9439
|
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
Published:
September 25, 2019; 11:15:10 PM -04:00
|
V3.1: 4.8 MEDIUM
V2: 3.5 LOW
|
CVE-2015-9438
|
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 5.4 MEDIUM
V2: 3.5 LOW
|
CVE-2015-9437
|
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9436
|
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 5.4 MEDIUM
V2: 3.5 LOW
|
CVE-2015-9435
|
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2015-9434
|
The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9433
|
The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9432
|
The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9431
|
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.
Published:
September 25, 2019; 10:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9449
|
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
Published:
September 25, 2019; 09:15:11 PM -04:00
|
V3.1: 7.2 HIGH
V2: 6.5 MEDIUM
|
CVE-2015-9430
|
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.
Published:
September 25, 2019; 09:15:11 PM -04:00
|
V3.1: 6.1 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9429
|
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.
Published:
September 25, 2019; 09:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9428
|
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.
Published:
September 25, 2019; 09:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2015-9427
|
The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.
Published:
September 25, 2019; 09:15:10 PM -04:00
|
V3.1: 6.5 MEDIUM
V2: 4.3 MEDIUM
|