CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

384 matches found

Cvelist•added 2020/06/15 1:10 p.m.•21 views

CVE-2019-19110

The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter...

5AI score0.00709EPSS

Exploits2References1

NVD•added 2020/03/13 4:15 p.m.•27 views

CVE-2020-10196

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...

6.1CVSS6.5AI score0.01421EPSS

Exploits1References2

Prion•added 2020/03/13 4:15 p.m.•9 views

Cross site scripting

4.3CVSS6.4AI score0.01421EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/01/28 7:9 p.m.•13 views

CVE-2015-5483

Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...

8.8AI score0.01584EPSS

Exploits3References3

CNVD•added 2019/10/08 12:0 a.m.•2 views

WordPress Elementor Pro Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. elementor is a drag-and-drop page builder plugin used in it. A cross-site scripting vulnerability exists in the elementor-edit-templat...

6.1CVSS6.2AI score0.01303EPSS

Exploits0References1

Prion•added 2019/10/07 3:15 p.m.•12 views

Directory traversal

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

7.8CVSS7.2AI score0.00715EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/10/07 2:25 p.m.•15 views

CVE-2015-9455

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

8.2AI score0.00715EPSS

Exploits0References2

NVD•added 2019/10/07 12:15 p.m.•20 views

CVE-2018-18379

The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS...

6.1CVSS6.4AI score0.01303EPSS

Exploits0References3

Prion•added 2019/10/07 12:15 p.m.•18 views

Cross site scripting

The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS...

4.3CVSS6.3AI score0.01303EPSS

Exploits0References3Affected Software1

CVE•added 2019/10/07 11:28 a.m.•100 views

CVE-2018-18379

The CVE-2018-18379 entry concerns the Elementor Pro WordPress plugin before version 2.0.10, where the elementor-edit-template class in wp-admin/customize.php enables cross-site scripting due to improper validation of client-side data. The vulnerability affects Elementor Pro on WordPress and is ex...

6.1CVSS6.3AI score0.01303EPSS

Exploits0References3Affected Software1

Cvelist•added 2019/09/26 3:53 a.m.•16 views

CVE-2015-9441

The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php...

6.3AI score0.00832EPSS

Exploits1References2

CVE•added 2019/09/26 3:33 a.m.•154 views

CVE-2015-9448

The CVE-2015-9448 issue affects the WordPress SendPress plugin (versions prior to 1.2). The vulnerability is an SQL Injection in the wp-admin/admin.php?page=sp-queue listid parameter. Impact per sources includes manipulation/exfiltration of data via the web interface, with CVSS scores indicating ...

8.8CVSS9.2AI score0.01927EPSS

Exploits1References3Affected Software1

Prion•added 2019/09/26 2:15 a.m.•10 views

Cross site request forgery (csrf)

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php...

4.3CVSS6.2AI score0.00859EPSS

Exploits1References3Affected Software1

NVD•added 2019/09/26 1:15 a.m.•14 views

CVE-2015-9425

The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=opanda-item&page=license-manager-sociallocker-next licensekey parameter...

5.4CVSS5.4AI score0.00682EPSS

Exploits1References3

NVD•added 2019/09/26 1:15 a.m.•13 views

CVE-2015-9429

The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panelpage parameter...

6.5CVSS6.4AI score0.00867EPSS

Exploits1References3

Prion•added 2019/09/26 1:15 a.m.•11 views

Cross site request forgery (csrf)

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload plugneditwidth, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters...

4.3CVSS6.2AI score0.00859EPSS

Exploits1References3Affected Software1

Prion•added 2019/09/26 1:15 a.m.•10 views

Cross site request forgery (csrf)

The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panelpage parameter...

4.3CVSS6.2AI score0.00867EPSS

Exploits1References3Affected Software1

NVD•added 2019/09/20 4:15 p.m.•19 views

CVE-2015-9398

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection...

8.8CVSS9.2AI score0.01944EPSS

Exploits1References3

NVD•added 2019/09/20 4:15 p.m.•12 views

CVE-2015-9400

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection...

8.8CVSS9.2AI score0.01944EPSS

Exploits1References3