Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9364 | 1 2checkout | 1 Ithemes 2checkout | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| 2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9362 | 1 Never5 | 1 Post Connector | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9363 | 1 Ithemes | 1 Exchange | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9365 | 1 Ithemes | 1 Authorize.net | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9361 | 1 Never5 | 1 Related Posts | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-1010124 | 1 Webappick | 1 Woocommerce Product Feed | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in. | |||||
| CVE-2019-14774 | 1 Getwooplugins | 1 Woo-variation-swatches | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | |||||
| CVE-2019-13564 | 1 Pingidentity | 1 Agentless Integration Kit | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Ping Identity Agentless Integration Kit before 1.5. | |||||
| CVE-2015-9376 | 1 Ithemes | 1 Mobile | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15713 | 1 My Calendar Project | 1 My Calendar | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-calendar plugin before 3.1.10 for WordPress has XSS. | |||||
| CVE-2018-16259 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16258 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16257 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16256 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16255 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2015-9357 | 1 Automattic | 1 Akismet | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The akismet plugin before 3.1.5 for WordPress has XSS. | |||||
| CVE-2019-13189 | 1 Eng | 1 Knowage | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | |||||
| CVE-2018-16254 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2017-18591 | 1 Gdragon | 1 Gd Rating System | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. | |||||
| CVE-2018-18668 | 1 Gnuboard | 1 Gnuboard5 | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | |||||
| CVE-2015-9354 | 1 Tri.be | 1 Gigpress | 2019-08-29 | 3.5 LOW | 4.8 MEDIUM |
| The gigpress plugin before 2.3.11 for WordPress has XSS. | |||||
| CVE-2017-18579 | 1 Dwbooster | 1 Corner Ad | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The corner-ad plugin before 1.0.8 for WordPress has XSS. | |||||
| CVE-2016-10934 | 1 Check Email Project | 1 Check Email | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The check-email plugin before 0.5.2 for WordPress has XSS. | |||||
| CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | |||||
| CVE-2014-10395 | 1 Codepeople | 1 Polls Cp | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. | |||||
| CVE-2015-9342 | 1 Impress | 1 Wp Rollback | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-rollback plugin before 1.2.3 for WordPress has XSS. | |||||
| CVE-2015-9349 | 1 Cksource | 1 Ckeditor | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. | |||||
| CVE-2015-9350 | 1 Slickremix | 1 Feed Them Social | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. | |||||
| CVE-2016-10936 | 1 Wp-polls Project | 1 Wp-polls | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. | |||||
| CVE-2015-9347 | 1 Plot | 1 Plotly | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. | |||||
| CVE-2015-9346 | 1 Codepeople | 1 Polls Cp | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cp-polls plugin before 1.0.5 for WordPress has XSS. | |||||
| CVE-2019-15314 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2019-08-28 | 3.5 LOW | 5.4 MEDIUM |
| tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | |||||
| CVE-2019-15501 | 1 Lsoft | 1 Listserv | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | |||||
| CVE-2019-13274 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | |||||
| CVE-2017-18590 | 1 Bestwebsoft | 1 Timesheet | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. | |||||
| CVE-2019-15644 | 1 Zoho | 1 Salesiq | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. | |||||
| CVE-2018-21001 | 1 Bologer | 1 Anycomment | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The anycomment plugin before 0.0.33 for WordPress has XSS. | |||||
| CVE-2019-15479 | 1 Status Board Project | 1 Status Board | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via dashboard.ts. | |||||
| CVE-2019-15227 | 1 Getflightpath | 1 Flightpath | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions. | |||||
| CVE-2019-15643 | 1 Etoilewebdesign | 1 Ultimate Faq | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | |||||
| CVE-2017-18540 | 1 Deepsoft | 1 Weblibrarian | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes. | |||||
| CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-19386 | 1 Solarwinds | 1 Database Performance Analyzer | 2019-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | |||||
| CVE-2016-6858 | 1 Sap | 1 Hybris | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field. | |||||
| CVE-2019-14221 | 1 1crm | 1 1crm On-premise | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. | |||||
| CVE-2019-13476 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | |||||
| CVE-2018-20986 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | |||||
| CVE-2014-10377 | 1 Cformsii Project | 1 Cformsii | 2019-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | |||||
| CVE-2019-15488 | 1 Igniterealtime | 1 Openfire | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. | |||||
