) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-18522 |
The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. Published: August 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18519 |
The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages. Published: August 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18518 |
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. Published: August 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10895 |
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. Published: August 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10892 |
The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. Published: August 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9320 |
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. Published: August 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9319 |
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser. Published: August 20, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15238 |
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. Published: August 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-18569 |
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. Published: August 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-18568 |
The my-wp-translate plugin before 1.0.4 for WordPress has XSS. Published: August 20, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18567 |
The wp-all-import plugin before 3.4.6 for WordPress has XSS. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18520 |
The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18517 |
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10915 |
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-10914 |
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-10913 |
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10893 |
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9332 |
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2015-9331 |
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-9330 |
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. Published: August 20, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |