U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
There are 243,520 matching records.
Displaying matches 122,001 through 122,020.
Vuln ID Summary CVSS Severity
CVE-2019-15314

tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.

Published: August 22, 2019; 9:15:13 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14511

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-20982

The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-20979

The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-18575

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18573

The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-18572

The gnucommerce plugin before 1.4.2 for WordPress has XSS.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18571

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-18570

The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-10921

The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.

Published: August 22, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-10920

The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.

Published: August 22, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10919

The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.

Published: August 22, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10918

The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.

Published: August 22, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-10917

The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.

Published: August 22, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-10916

The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.

Published: August 22, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-9336

The clean-login plugin before 1.5.1 for WordPress has reflected XSS.

Published: August 22, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-9335

The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.

Published: August 22, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH