Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18524 | 1 Football Pool Project | 1 Football Pool | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18529 | 1 Bestwebsoft | 1 Promobar | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. | |||||
| CVE-2019-3965 | 1 Open-emr | 1 Openemr | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2017-18519 | 1 Marvinlabs | 1 Wp Customer Area | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages. | |||||
| CVE-2017-18561 | 1 Embed Images In Comments Project | 1 Embed Images In Comments | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The embed-comment-images plugin before 0.6 for WordPress has XSS. | |||||
| CVE-2017-18562 | 1 Bestwebsoft | 1 Error Log Viewer | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. | |||||
| CVE-2018-20970 | 1 Bestwebsoft | 1 Pdf \& Print | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues. | |||||
| CVE-2014-10378 | 1 Duplicate Post Project | 1 Duplicate Post | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The duplicate-post plugin before 2.6 for WordPress has XSS. | |||||
| CVE-2017-18525 | 1 Megamenu | 1 Max Mega Menu | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The megamenu plugin before 2.4 for WordPress has XSS. | |||||
| CVE-2017-18535 | 1 Smokesignal Project | 1 Smokesignal | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The smokesignal plugin before 1.2.7 for WordPress has XSS. | |||||
| CVE-2016-10897 | 1 Sermon Browser Project | 1 Sermon Browser | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues. | |||||
| CVE-2016-10896 | 1 Clogica | 1 Seo Redirection | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The seo-redirection plugin before 4.3 for WordPress has stored XSS. | |||||
| CVE-2017-18531 | 1 Raygun | 1 Raygun4wp | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288. | |||||
| CVE-2017-18530 | 1 Bestwebsoft | 1 Rating | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18528 | 1 Bestwebsoft | 1 Pdf \& Print | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18527 | 1 Bestwebsoft | 1 Pagination | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18526 | 1 Lamp-solutions | 1 Moreads Se | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The moreads-se plugin before 1.4.7 for WordPress has XSS. | |||||
| CVE-2017-18520 | 1 Wp-kama | 1 Democracy Poll | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php. | |||||
| CVE-2015-9319 | 1 Greg\'s High Performance Seo Project | 1 Greg\'s High Performance Seo | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser. | |||||
| CVE-2019-15148 | 1 Gopro | 1 Gpmf-parser | 2019-08-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c. | |||||
| CVE-2019-15146 | 1 Gopro | 1 Gpmf-parser | 2019-08-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c. | |||||
| CVE-2019-15147 | 1 Gopro | 1 Gpmf-parser | 2019-08-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c. | |||||
| CVE-2016-10895 | 1 Optiontree Project | 1 Optiontree | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. | |||||
| CVE-2017-18518 | 1 Bestwebsoft | 1 Smtp | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18568 | 1 Mythemeshop | 1 My Wp Translate | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-wp-translate plugin before 1.0.4 for WordPress has XSS. | |||||
| CVE-2019-14682 | 1 Acf\ | 1 Better Search Project | 2019-08-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. | |||||
| CVE-2017-18517 | 1 Bestwebsoft | 1 Pinterest | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. | |||||
| CVE-2019-3963 | 1 Open-emr | 1 Openemr | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2017-18567 | 1 Soflyy | 1 Wp All Import | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.4.6 for WordPress has XSS. | |||||
| CVE-2015-9329 | 1 Soflyy | 1 Wp All Import | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. | |||||
| CVE-2019-3964 | 1 Open-emr | 1 Openemr | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2016-10913 | 1 Joomunited | 1 Wp Latest Posts | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. | |||||
| CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2019-08-22 | 5.8 MEDIUM | 6.5 MEDIUM |
| The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | |||||
| CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2019-08-22 | 3.5 LOW | 5.4 MEDIUM |
| The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | |||||
| CVE-2019-14683 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-22 | 4.9 MEDIUM | 5.7 MEDIUM |
| The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | |||||
| CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | |||||
| CVE-2017-18532 | 1 Bestwebsoft | 1 Realty | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The realty plugin before 1.1.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18533 | 1 Rimons Twitter Widget Project | 1 Rimons Twitter Widget | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. | |||||
| CVE-2017-18566 | 1 Bestwebsoft | 1 User Role | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. | |||||
| CVE-2018-20978 | 1 Soflyy | 1 Wp All Import | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.4.7 for WordPress has XSS. | |||||
| CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2019-08-21 | 3.5 LOW | 5.4 MEDIUM |
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | |||||
| CVE-2019-1010034 | 1 Deepsoft | 1 Weblibrarian | 2019-08-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC. | |||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | |||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2019-08-21 | 3.5 LOW | 4.8 MEDIUM |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | |||||
| CVE-2019-14518 | 1 Modx | 1 Evolution Cms | 2019-08-21 | 3.5 LOW | 5.4 MEDIUM |
| ** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel." | |||||
| CVE-2015-9317 | 1 Getawesomesupport | 1 Awesome Support | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. | |||||
| CVE-2019-15082 | 1 Yofla | 1 360 Product Rotation | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. | |||||
| CVE-2016-10901 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools. | |||||
| CVE-2015-9321 | 1 Wpmadeeasy | 1 Shortcode Factory | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg. | |||||
| CVE-2017-18536 | 1 Fullworks | 1 Stop User Enumeration | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS. | |||||