Total: 82344 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. |
CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. |
CVE-2015-9398 | 1 Webmaster-source | 1 Gocodes | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. |
CVE-2015-9395 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. |
CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. |
CVE-2015-9381 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. |
CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The photo-gallery plugin before 1.2.42 for WordPress has CSRF. |
CVE-2015-9353 | 1 Tri | 1 Gigpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. |
CVE-2015-9348 | 1 Codepeople | 1 Sell Downloads | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. |
CVE-2015-9345 | 1 Petersplugins | 1 Link Log | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. |
CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. |
CVE-2015-9341 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. |
CVE-2015-9340 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. |
CVE-2015-9339 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. |
CVE-2015-9338 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. |
CVE-2015-9337 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. |
CVE-2015-9331 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. |
CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. |
CVE-2015-9318 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. |
CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). |