Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18525 | 1 Megamenu | 1 Max Mega Menu | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The megamenu plugin before 2.4 for WordPress has XSS. | |||||
| CVE-2016-10897 | 1 Sermon Browser Project | 1 Sermon Browser | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues. | |||||
| CVE-2016-10896 | 1 Clogica | 1 Seo Redirection | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The seo-redirection plugin before 4.3 for WordPress has stored XSS. | |||||
| CVE-2017-18531 | 1 Raygun | 1 Raygun4wp | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288. | |||||
| CVE-2017-18530 | 1 Bestwebsoft | 1 Rating | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18528 | 1 Bestwebsoft | 1 Pdf \& Print | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18527 | 1 Bestwebsoft | 1 Pagination | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18526 | 1 Lamp-solutions | 1 Moreads Se | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The moreads-se plugin before 1.4.7 for WordPress has XSS. | |||||
| CVE-2017-18520 | 1 Wp-kama | 1 Democracy Poll | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php. | |||||
| CVE-2015-9319 | 1 Greg\'s High Performance Seo Project | 1 Greg\'s High Performance Seo | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser. | |||||
| CVE-2016-10895 | 1 Optiontree Project | 1 Optiontree | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. | |||||
| CVE-2017-18518 | 1 Bestwebsoft | 1 Smtp | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18568 | 1 Mythemeshop | 1 My Wp Translate | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-wp-translate plugin before 1.0.4 for WordPress has XSS. | |||||
| CVE-2017-18517 | 1 Bestwebsoft | 1 Pinterest | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. | |||||
| CVE-2019-3963 | 1 Open-emr | 1 Openemr | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2015-9329 | 1 Soflyy | 1 Wp All Import | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. | |||||
| CVE-2017-18567 | 1 Soflyy | 1 Wp All Import | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.4.6 for WordPress has XSS. | |||||
| CVE-2019-3964 | 1 Open-emr | 1 Openemr | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2016-10913 | 1 Joomunited | 1 Wp Latest Posts | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. | |||||
| CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2019-08-22 | 3.5 LOW | 5.4 MEDIUM |
| The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | |||||
| CVE-2017-18532 | 1 Bestwebsoft | 1 Realty | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The realty plugin before 1.1.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18566 | 1 Bestwebsoft | 1 User Role | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18533 | 1 Rimons Twitter Widget Project | 1 Rimons Twitter Widget | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. | |||||
| CVE-2018-20978 | 1 Soflyy | 1 Wp All Import | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.4.7 for WordPress has XSS. | |||||
| CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2019-08-21 | 3.5 LOW | 5.4 MEDIUM |
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | |||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | |||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2019-08-21 | 3.5 LOW | 4.8 MEDIUM |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | |||||
| CVE-2019-14518 | 1 Modx | 1 Evolution Cms | 2019-08-21 | 3.5 LOW | 5.4 MEDIUM |
| ** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel." | |||||
| CVE-2015-9317 | 1 Getawesomesupport | 1 Awesome Support | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. | |||||
| CVE-2019-15082 | 1 Yofla | 1 360 Product Rotation | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. | |||||
| CVE-2016-10901 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools. | |||||
| CVE-2015-9321 | 1 Wpmadeeasy | 1 Shortcode Factory | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg. | |||||
| CVE-2017-18536 | 1 Fullworks | 1 Stop User Enumeration | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS. | |||||
| CVE-2016-10908 | 1 Codepeople | 1 Booking Calendar Contact Form | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | |||||
| CVE-2017-18554 | 1 Analytics Tracker Project | 1 Analytics Tracker | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event. | |||||
| CVE-2017-18537 | 1 Bestwebsoft | 1 Visitors Online | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18541 | 1 Xakuro | 1 Xo Security | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The xo-security plugin before 1.5.3 for WordPress has XSS. | |||||
| CVE-2019-15053 | 1 Atlassian | 1 Html Include And Replace Macro | 2019-08-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. | |||||
| CVE-2016-10900 | 1 Wpmanage | 1 Uji Countdown | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The uji-countdown plugin before 2.0.7 for WordPress has XSS. | |||||
| CVE-2017-18555 | 1 Mediaburst | 1 Booking Calendar | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The booking-sms plugin before 1.1.0 for WordPress has XSS. | |||||
| CVE-2017-18556 | 1 Bestwebsoft | 1 Google Analytics | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18557 | 1 Bestwebsoft | 1 Google Maps | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18558 | 1 Bestwebsoft | 1 Testimonials | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18560 | 1 Content Audit Project | 1 Content Audit | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The content-audit plugin before 1.9.2 for WordPress has XSS. | |||||
| CVE-2019-14949 | 1 Wpseeds | 1 Wp Database Backup | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | |||||
| CVE-2017-18542 | 1 Bestwebsoft | 1 Zendesk Help Center | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18553 | 1 Ad Buttons Project | 1 Ad Buttons | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ad-buttons plugin before 2.3.2 for WordPress has XSS. | |||||
| CVE-2017-18565 | 1 Bestwebsoft | 1 Updater | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The updater plugin before 1.35 for WordPress has multiple XSS issues. | |||||
| CVE-2019-15110 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. | |||||
| CVE-2019-14796 | 1 Mq-woocommerce-products-price-bulk-edit Project | 1 Mq-woocommerce-products-price-bulk-edit | 2019-08-20 | 3.5 LOW | 5.4 MEDIUM |
| The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | |||||