NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview

There are 243,448 matching records.

Displaying matches 120,281 through 120,300.

Vuln ID	Summary	CVSS Severity
CVE-2015-9433	The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. Published: September 25, 2019; 10:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9432	The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. Published: September 25, 2019; 10:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9431	The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. Published: September 25, 2019; 10:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2019-16901	Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. Published: September 25, 2019; 9:15:11 PM -0400	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2019-16900	Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. Published: September 25, 2019; 9:15:11 PM -0400	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2019-16899	In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. Published: September 25, 2019; 9:15:11 PM -0400	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2015-9449	The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. Published: September 25, 2019; 9:15:11 PM -0400	V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM
CVE-2015-9430	The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. Published: September 25, 2019; 9:15:11 PM -0400	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9429	The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9428	The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9427	The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9426	The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 3.5 LOW
CVE-2015-9425	The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9424	The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9423	The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW
CVE-2015-9422	The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9421	The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9420	The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9419	The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. Published: September 25, 2019; 9:15:10 PM -0400	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2015-9418	The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. Published: September 25, 2019; 8:15:10 PM -0400	V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 5.8 MEDIUM