) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): wordpress
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-9363 |
iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). Published: August 28, 2019; 8:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9362 |
The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). Published: August 28, 2019; 8:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9361 |
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). Published: August 28, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9360 |
The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). Published: August 28, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9358 |
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). Published: August 28, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9357 |
The akismet plugin before 3.1.5 for WordPress has XSS. Published: August 28, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9356 |
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. Published: August 28, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9355 |
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. Published: August 28, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9354 |
The gigpress plugin before 2.3.11 for WordPress has XSS. Published: August 28, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2015-9353 |
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. Published: August 28, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2012-6719 |
The sharebar plugin before 1.2.2 for WordPress has SQL injection. Published: August 28, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2012-6718 |
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. Published: August 28, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2012-6717 |
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. Published: August 28, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2011-5329 |
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. Published: August 28, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-14314 |
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. Published: August 27, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2019-15660 |
The wp-members plugin before 3.2.8 for WordPress has CSRF. Published: August 27, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2019-15650 |
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. Published: August 27, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2017-18592 |
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. Published: August 27, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2017-18591 |
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. Published: August 27, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10936 |
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. Published: August 27, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |