WordPress mailchimp-for-wp plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. mailchimp-for-wp is a plugin used to send e-mail to subscribers. A cross-site scripting vulnerability exists in the WordPress...

WordPress nelio-ab-testing plugin code issue vulnerability (CNVD-2019-30750)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nelio-ab-testing is a plugin for A/B testing of websites. The WordPress nelio-ab-testing plugin has a code issue vulnerability and no...

WordPress memphis-documents-library plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. memphis-documents-library is a document library plugin for organizing and distributing documents used in it. A cross-site scripting...

WordPress reflex-gallery plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. reflex-gallery is a responsive photo gallery plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

WordPress media-library-assistant plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. media-library-assistant is a multimedia library management plugin used in it. A cross-site scripting vulnerability exists in the...

WordPress appointment-booking-calendar plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. appointment-booking-calendar is an online appointment management plugin used in it. A SQL injection vulnerability exists in the...

DianoxDragon Hawn SQL Injection Vulnerability

DianoxDragon Hawn is a plugin for managing spawn on servers. A SQL injection vulnerability exists in versions of DianoxDragon Hawn prior to 2019-07-10, which can be exploited by an attacker to execute illegal SQL commands...

CVE-2019-14314

A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via...

CVE-2019-15647

The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulkactionlistener remote code execution...

CVE-2014-10395

The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list...

Design/Logic Flaw

The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber...

CVE-2019-15648

The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber...

WordPress wp-file-upload plugin code issue vulnerability

WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-file-upload is a file upload plugin used in it. A code issue vulnerability exists in the WordPress wp-file-upload plugin,...

WordPress feature-comments plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. feature-comments is a comment management plugin used in it. A cross-site request forgery vulnerability exists in the WordPress...

WordPress gallery-photo-gallery plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. gallery-photo-gallery is a responsive gallery plugin used in it. A SQL injection vulnerability exists in the WordPress...

WordPress sermon-browser plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sermon-browser is a church sermon plugin used in it. A cross-site scripting vulnerability exists in the WordPress sermon-browser plugi...

WordPress shortcode-factory plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shortcode-factory is a plugin that provides ready-to-use shortcodes. A cross-site scripting vulnerability exists in the WordPress...

CVE-2019-15092

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the userurl, displayname, firstname, and lastname columns in an exported CSV file created by the WFCustomerImpExpCsvExporter class...

WordPress wp-slimstat plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-slimstat is a website monitoring plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

WordPress universal-analytics plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress universal-analytics plugin. An attacker can explo...