Total
309068 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9469 | 1 Cybercraftit | 1 Content-grabber | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. | |||||
| CVE-2015-9468 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | |||||
| CVE-2015-9467 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. | |||||
| CVE-2015-9466 | 1 Webtechideas | 1 Wti Like Post | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable. | |||||
| CVE-2015-9465 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter. | |||||
| CVE-2015-9464 | 1 S3bubble | 1 S3bubble-amazon-s3-html-5-video-with-adverts | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | |||||
| CVE-2015-9463 | 1 S3bubble | 1 S3bubble-amazon-s3-audio-streaming | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | |||||
| CVE-2015-9462 | 1 Awesome Filterable Portfolio Project | 1 Awesome Filterable Portfolio | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. | |||||
| CVE-2015-9461 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. | |||||
| CVE-2015-9460 | 1 Pinpoint | 1 Pinpoint Booking System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | |||||
| CVE-2015-9459 | 1 Seo Searchterms Tagging 2 Project | 1 Seo Searchterms Tagging 2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. | |||||
| CVE-2015-9458 | 1 Seo Searchterms Tagging 2 Project | 1 Seo Searchterms Tagging 2 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. | |||||
| CVE-2015-9456 | 1 Orbisius | 1 Child Theme Creator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | |||||
| CVE-2015-9455 | 1 Incsub | 1 Buddypress-activity-plus | 2024-11-21 | 7.8 HIGH | 8.1 HIGH |
| The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | |||||
| CVE-2015-9454 | 1 Slidervilla | 1 Smooth Slider | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. | |||||
| CVE-2015-9453 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | |||||
| CVE-2015-9451 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | |||||
| CVE-2015-9450 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | |||||
| CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | |||||
| CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | |||||