Total
299233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9431 | 1 Qtranslate X Project | 1 Qtranslate X | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | |||||
| CVE-2015-9430 | 1 Crazy Bone Project | 1 Crazy Bone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. | |||||
| CVE-2015-9429 | 1 Yithemes | 1 Yith Maintenance Mode | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | |||||
| CVE-2015-9428 | 1 Wplegalpages | 1 Wp Legal Pages | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | |||||
| CVE-2015-9427 | 1 Googmonify Project | 1 Googmonify | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | |||||
| CVE-2015-9426 | 1 Manual Image Crop Project | 1 Manual Image Crop | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
| The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. | |||||
| CVE-2015-9425 | 1 Byonepress | 1 Social Locker | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | |||||
| CVE-2015-9424 | 1 Doc4design | 1 Multicons | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | |||||
| CVE-2015-9423 | 1 Simplysymphony | 1 Plugnedit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. | |||||
| CVE-2015-9422 | 1 Simplysymphony | 1 Plugnedit | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | |||||
| CVE-2015-9421 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | |||||
| CVE-2015-9420 | 1 Mightymess | 1 Soundcloud Is Gold | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. | |||||
| CVE-2015-9419 | 1 Captain-slider Project | 1 Captain-slider | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. | |||||
| CVE-2015-9418 | 1 Kibokolabs | 1 Watupro | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM |
| The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | |||||
| CVE-2015-9417 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | |||||
| CVE-2015-9416 | 1 Onthegosystems | 1 Sitepress-multilingual-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. | |||||
| CVE-2015-9415 | 1 Angrycreative | 1 Bj Lazy Load | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | |||||
| CVE-2015-9414 | 1 Wpsymposiumpro | 1 Wp-symposium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. | |||||
| CVE-2015-9413 | 1 Eshop Project | 1 Eshop | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | |||||
| CVE-2015-9412 | 1 Royal-slider Project | 1 Royal-slider | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. | |||||