) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): wordpress
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-10984 |
The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. Published: September 17, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10983 |
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. Published: September 17, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-10982 |
The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-10981 |
The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10980 |
The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10979 |
The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10978 |
The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-10977 |
The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-10976 |
The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10975 |
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10974 |
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS. Published: September 17, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-10973 |
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. Published: September 16, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10972 |
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. Published: September 16, 2019; 1:15:10 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-10971 |
The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required. Published: September 16, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-10970 |
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. Published: September 16, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10969 |
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. Published: September 16, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10968 |
The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. Published: September 16, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-10967 |
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. Published: September 16, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10966 |
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. Published: September 16, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2016-10965 |
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. Published: September 16, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 6.4 MEDIUM |