Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,408 matching records.
Displaying matches 2,581 through 2,600.
Vuln ID Summary CVSS Severity
CVE-2014-4517

Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.

Published: October 21, 2014; 11:55:06 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4514

Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function.

Published: October 21, 2014; 11:55:06 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8375

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.

Published: October 21, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-8364

Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.

Published: October 20, 2014; 1:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8363

SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

Published: October 20, 2014; 1:55:06 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-2995

Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.

Published: October 17, 2014; 6:55:04 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-2559

Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php.

Published: October 17, 2014; 6:55:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-7181

Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.

Published: October 16, 2014; 3:55:14 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-7138

Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.

Published: October 16, 2014; 3:55:14 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6312

Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.

Published: October 15, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6313

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.

Published: October 14, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-7297

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.

Published: October 13, 2014; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2014-7139

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.

Published: October 10, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6315

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.

Published: October 10, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6243

Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.

Published: October 10, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-5389

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.

Published: October 06, 2014; 10:55:10 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

Published: October 02, 2014; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2011-4624

Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

Published: October 01, 2014; 10:55:09 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2003-1598

SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

Published: October 01, 2014; 10:55:08 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-7152

Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.

Published: September 26, 2014; 5:55:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM