) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-11010 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2016-11009 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2016-11008 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2016-11007 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2016-11006 |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2016-11005 |
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-11004 |
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-11003 |
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-11002 |
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-11001 |
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-11000 |
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-10999 |
The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. Published: September 20, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10998 |
The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. Published: September 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10997 |
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. Published: September 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10996 |
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. Published: September 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2015-9391 |
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. Published: September 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9390 |
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. Published: September 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2015-9389 |
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. Published: September 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2015-9388 |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. Published: September 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9387 |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. Published: September 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |