Search Results
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-15326 | The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-15325 | In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-13139 | In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 8.4 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-20987 | The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20986 | The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18585 | The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2017-18579 | The corner-ad plugin before 1.0.8 for WordPress has XSS. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18578 | The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10929 | The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-10928 | The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-9340 | The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-9339 | The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-9338 | The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-9334 | The email-newsletter plugin through 20.15 for WordPress has SQL injection. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-10393 | The cforms2 plugin before 10.5 for WordPress has XSS. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-10386 | The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. Published: August 22, 2019; 4:15:10 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-10382 | The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. Published: August 22, 2019; 4:15:10 PM -0400 | V4.0: (not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-7483 | The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. Published: August 22, 2019; 4:15:10 PM -0400 | V4.0: (not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-15331 | The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. Published: August 22, 2019; 3:15:15 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15330 | The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. Published: August 22, 2019; 3:15:15 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |