Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,410 matching records.
Displaying matches 2,721 through 2,740.
Vuln ID Summary CVSS Severity
CVE-2014-4602

Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) ajaxpath parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4585

Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4584

Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4583

Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) limit_start, (4) id, or (5) order parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4575

Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4569

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4564

Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4556

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4545

Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4538

Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4533

Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4528

Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4521

Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4520

Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4518

Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4516

Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4515

Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4513

Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

Published: July 01, 2014; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-4030

Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.

Published: June 25, 2014; 4:55:07 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-3882

Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.

Published: June 25, 2014; 7:19:22 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM