Total
309315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10957 | 1 Akal Project | 1 Akal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. | |||||
| CVE-2016-10956 | 1 Mail-masta Project | 1 Mail-masta | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. | |||||
| CVE-2016-10955 | 1 Cysteme | 1 Cysteme-finder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | |||||
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | |||||
| CVE-2016-10953 | 1 Headwaythemes | 1 Headway | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | |||||
| CVE-2016-10952 | 1 Quotes Collection Project | 1 Quotes Collection | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. | |||||
| CVE-2016-10951 | 1 Firestormplugins | 1 Fs-shopping-cart | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | |||||
| CVE-2016-10950 | 1 Sirv | 1 Sirv | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | |||||
| CVE-2016-10948 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. | |||||
| CVE-2016-10947 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | |||||
| CVE-2016-10946 | 1 Wp-d3 Project | 1 Wp-d3 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-d3 plugin before 2.4.1 for WordPress has CSRF. | |||||
| CVE-2016-10945 | 1 Pagelines | 1 Pagelines | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | |||||
| CVE-2016-10944 | 1 Wpmaz | 1 Multisite Post Duplicator | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | |||||
| CVE-2016-10943 | 1 Zx-csv-upload Project | 1 Zx-csv-upload | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2016-10942 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | |||||
| CVE-2016-10941 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | |||||
| CVE-2016-10940 | 1 Zm-gallery Project | 1 Zm-gallery | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | |||||
| CVE-2016-10939 | 1 Xtremelocator | 1 Xtremelocator | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2016-10938 | 1 Copy-me Project | 1 Copy-me | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. | |||||