Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9377 | 1 Ithemes | 1 Builder Theme Depot | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15811 | 1 Domainmod | 1 Domainmod | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | |||||
| CVE-2019-15842 | 1 Easy Pdf Restaurant Menu Upload Project | 1 Easy Pdf Restaurant Menu Upload | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | |||||
| CVE-2019-15778 | 1 Getwooplugins | 1 Additional Variation Images For Woocommerce | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. | |||||
| CVE-2018-16967 | 1 File Manager Project | 1 File Manager | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | |||||
| CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | |||||
| CVE-2019-13235 | 1 Alkacon | 1 Opencms Apollo Template | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. | |||||
| CVE-2019-15081 | 1 Opencart | 1 Opencart | 2019-09-02 | 3.5 LOW | 4.8 MEDIUM |
| OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. | |||||
| CVE-2019-13234 | 1 Alkacon | 1 Opencms Apollo Template | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. | |||||
| CVE-2019-13236 | 1 Alkacon | 1 Opencms | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. | |||||
| CVE-2016-10872 | 1 Ultimatemember | 1 Ultimate Member | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | |||||
| CVE-2016-10875 | 1 Wpseeds | 1 Wp Database Backup | 2019-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 4.3.1 for WordPress has XSS. | |||||
| CVE-2011-5329 | 1 Redirection | 1 Redirection | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. | |||||
| CVE-2012-6717 | 1 Redirection | 1 Redirection | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. | |||||
| CVE-2015-9359 | 1 Automattic | 1 Jetpack | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2017-18593 | 1 Updraftplus | 1 Updraftplus | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. | |||||
| CVE-2015-9360 | 1 Updraftplus | 1 Updraftplus | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9356 | 1 Wp-vipergb Project | 1 Wp-vipergb | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. | |||||
| CVE-2019-15230 | 1 Librenms | 1 Librenms | 2019-08-30 | 3.5 LOW | 5.4 MEDIUM |
| LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account. | |||||
| CVE-2015-9364 | 1 2checkout | 1 Ithemes 2checkout | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| 2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9362 | 1 Never5 | 1 Post Connector | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9363 | 1 Ithemes | 1 Exchange | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9365 | 1 Ithemes | 1 Authorize.net | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9361 | 1 Never5 | 1 Related Posts | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-1010124 | 1 Webappick | 1 Woocommerce Product Feed | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in. | |||||
| CVE-2019-14774 | 1 Getwooplugins | 1 Woo-variation-swatches | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | |||||
| CVE-2019-13564 | 1 Pingidentity | 1 Agentless Integration Kit | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Ping Identity Agentless Integration Kit before 1.5. | |||||
| CVE-2015-9376 | 1 Ithemes | 1 Mobile | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15713 | 1 My Calendar Project | 1 My Calendar | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-calendar plugin before 3.1.10 for WordPress has XSS. | |||||
| CVE-2018-16257 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16255 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16258 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16256 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2018-16259 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2015-9357 | 1 Automattic | 1 Akismet | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The akismet plugin before 3.1.5 for WordPress has XSS. | |||||
| CVE-2019-13189 | 1 Eng | 1 Knowage | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | |||||
| CVE-2018-16254 | 1 Soflyy | 1 Wp All Import | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator. | |||||
| CVE-2017-18591 | 1 Gdragon | 1 Gd Rating System | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. | |||||
| CVE-2018-18668 | 1 Gnuboard | 1 Gnuboard5 | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | |||||
| CVE-2015-9354 | 1 Tri.be | 1 Gigpress | 2019-08-29 | 3.5 LOW | 4.8 MEDIUM |
| The gigpress plugin before 2.3.11 for WordPress has XSS. | |||||
| CVE-2017-18579 | 1 Dwbooster | 1 Corner Ad | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The corner-ad plugin before 1.0.8 for WordPress has XSS. | |||||
| CVE-2016-10934 | 1 Check Email Project | 1 Check Email | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The check-email plugin before 0.5.2 for WordPress has XSS. | |||||
| CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | |||||
| CVE-2014-10395 | 1 Codepeople | 1 Polls Cp | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. | |||||
| CVE-2015-9342 | 1 Impress | 1 Wp Rollback | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-rollback plugin before 1.2.3 for WordPress has XSS. | |||||
| CVE-2015-9349 | 1 Cksource | 1 Ckeditor | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. | |||||
| CVE-2015-9350 | 1 Slickremix | 1 Feed Them Social | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. | |||||
| CVE-2016-10936 | 1 Wp-polls Project | 1 Wp-polls | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. | |||||
| CVE-2015-9347 | 1 Plot | 1 Plotly | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. | |||||
| CVE-2015-9346 | 1 Codepeople | 1 Polls Cp | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cp-polls plugin before 1.0.5 for WordPress has XSS. | |||||
