Total
299248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10928 | 1 Onelogin | 1 Onelogin Saml Sso | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | |||||
| CVE-2016-10927 | 1 Neliosoftware | 1 Nelio Ab Testing | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. | |||||
| CVE-2016-10926 | 1 Neliosoftware | 1 Nelio Ab Testing | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. | |||||
| CVE-2016-10925 | 1 Profilepress | 1 Loginwp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | |||||
| CVE-2016-10924 | 1 Zedna Ebook Download Project | 1 Zedna Ebook Download | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ebook-download plugin before 1.2 for WordPress has directory traversal. | |||||
| CVE-2016-10923 | 1 Visser | 1 Store Toolkit For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. | |||||
| CVE-2016-10922 | 1 Visser | 1 Store Toolkit For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. | |||||
| CVE-2016-10921 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | |||||
| CVE-2016-10920 | 1 Sir | 1 Gnucommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | |||||
| CVE-2016-10919 | 1 Wassup Real Time Analytics Project | 1 Wassup Real Time Analytics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | |||||
| CVE-2016-10918 | 1 Supsystic | 1 Photo Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. | |||||
| CVE-2016-10917 | 1 Search Everything Project | 1 Search Everything | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. | |||||
| CVE-2016-10916 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | |||||
| CVE-2016-10915 | 1 Supsystic | 1 Popup | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. | |||||
| CVE-2016-10914 | 1 Add From Server Project | 1 Add From Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. | |||||
| CVE-2016-10913 | 1 Joomunited | 1 Wp Latest Posts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. | |||||
| CVE-2016-10912 | 1 Matchboxdesigngroup | 1 Universal Analytics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The universal-analytics plugin before 1.3.1 for WordPress has XSS. | |||||
| CVE-2016-10911 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. | |||||
| CVE-2016-10910 | 1 Formbuilder Project | 1 Formbuilder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The formbuilder plugin before 1.06 for WordPress has multiple XSS issues. | |||||
| CVE-2016-10909 | 1 Codepeople | 1 Booking Calendar Contact Form | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | |||||