Search Results (Refine Search)
- Keyword (text search): wordpress
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-9404 |
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-9403 |
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-9402 |
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-9401 |
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2015-9400 |
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2015-9399 |
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2015-9398 |
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2015-9397 |
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. Published: September 20, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2015-9396 |
The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. Published: September 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-9395 |
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. Published: September 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2015-9394 |
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. Published: September 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-9393 |
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. Published: September 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2015-9392 |
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. Published: September 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-11013 |
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-11012 |
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-11011 |
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-11010 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-11009 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-11008 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-11007 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |