Export limit exceeded: 344145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9453 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 6.1 Medium |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | ||||
| CVE-2015-9451 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2024-11-21 | 9.8 Critical |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | ||||
| CVE-2015-9450 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2024-11-21 | 9.8 Critical |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | ||||
| CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2024-11-21 | 7.2 High |
| The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | ||||
| CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2024-11-21 | 8.8 High |
| The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | ||||
| CVE-2015-9447 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 6.5 Medium |
| The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | ||||
| CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 8.8 High |
| The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | ||||
| CVE-2015-9445 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 8.8 High |
| The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | ||||
| CVE-2015-9444 | 1 Altosresearch | 1 Altos-connect | 2024-11-21 | 6.1 Medium |
| The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. | ||||
| CVE-2015-9443 | 1 Wp Accurate Form Data Project | 1 Wp Accurate Form Data | 2024-11-21 | 6.5 Medium |
| The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | ||||
| CVE-2015-9442 | 1 Avenirsoft | 1 Directdownload | 2024-11-21 | 6.5 Medium |
| The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. | ||||
| CVE-2015-9441 | 1 Bookmarkify Project | 1 Bookmarkify | 2024-11-21 | 6.5 Medium |
| The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. | ||||
| CVE-2015-9440 | 1 Monetize Project | 1 Monetize | 2024-11-21 | 6.5 Medium |
| The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | ||||
| CVE-2015-9439 | 1 Addthis | 1 Addthis | 2024-11-21 | 4.8 Medium |
| The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. | ||||
| CVE-2015-9438 | 1 Display-widgets Project | 1 Display-widgets | 2024-11-21 | 5.4 Medium |
| The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. | ||||
| CVE-2015-9435 | 1 Dash10 | 1 Oauth Server | 2024-11-21 | 9.8 Critical |
| The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | ||||
| CVE-2015-9434 | 1 Kiwi-logo-carousel Project | 1 Kiwi-logo-carousel | 2024-11-21 | 6.5 Medium |
| The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | ||||
| CVE-2015-9433 | 1 Wp Social Bookmarking Light Project | 1 Wp Social Bookmarking Light | 2024-11-21 | 6.5 Medium |
| The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. | ||||
| CVE-2015-9432 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2024-11-21 | 6.5 Medium |
| The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | ||||
| CVE-2015-9431 | 1 Qtranslate X Project | 1 Qtranslate X | 2024-11-21 | 6.5 Medium |
| The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | ||||