U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): wordpress
There are 9,642 matching records.
Displaying matches 8,581 through 8,600.
Vuln ID Summary CVSS Severity
CVE-2017-6954

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.

Published: March 17, 2017; 5:59:00 AM -0400
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-0770

Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.

Published: March 16, 2017; 11:59:00 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6819

In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.

Published: March 11, 2017; 8:59:00 PM -0500
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6818

In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.

Published: March 11, 2017; 8:59:00 PM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6817

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

Published: March 11, 2017; 8:59:00 PM -0500
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-6816

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

Published: March 11, 2017; 8:59:00 PM -0500
V4.0:(not available)
V3.0: 4.9 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2017-6815

In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.

Published: March 11, 2017; 8:59:00 PM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.

Published: March 11, 2017; 8:59:00 PM -0500
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-6578

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6577

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6576

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6575

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6574

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6573

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6572

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6571

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6570

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.

Published: March 09, 2017; 4:59:00 AM -0500
V4.0:(not available)
V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-6104

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.

Published: March 02, 2017; 5:59:00 PM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6103

Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.

Published: March 02, 2017; 5:59:00 PM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6102

Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.

Published: March 02, 2017; 5:59:00 PM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM