Search Results (Refine Search)
- Keyword (text search): wordpress
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-4538 |
Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4533 |
Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4528 |
Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4521 |
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4520 |
Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4518 |
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4516 |
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4515 |
Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4513 |
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. Published: July 01, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4030 |
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php. Published: June 25, 2014; 4:55:07 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-3882 |
Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. Published: June 25, 2014; 7:19:22 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-2580 |
Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email. Published: June 20, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2579 |
Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email. Published: June 20, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2572 |
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. Published: June 19, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4163 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php. Published: June 16, 2014; 2:55:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-3850 |
Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php. Published: June 11, 2014; 10:55:08 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-4017 |
Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. Published: June 10, 2014; 10:55:10 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3961 |
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. Published: June 04, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-3937 |
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: June 02, 2014; 11:55:11 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-3476 |
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors. Published: June 02, 2014; 11:55:10 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |