Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Total 299403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9408 1 Cyberseo 1 Xpinner Lite 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
CVE-2015-9407 1 Cyberseo 1 Xpinner Lite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
CVE-2015-9406 1 Mtheme-unus Project 1 Mtheme-unus 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
CVE-2015-9405 1 Wp-piwik Project 1 Wp-piwik 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The wp-piwik plugin before 1.0.5 for WordPress has XSS.
CVE-2015-9404 1 Neuvoo 1 Neuvoo-jobroll 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.
CVE-2015-9403 1 Neuvoo 1 Neuvoo-jobroll 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.
CVE-2015-9402 1 Usersultra 1 Users Ultra Membership 2024-11-21 6.8 MEDIUM 8.8 HIGH
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
CVE-2015-9401 1 Websimon-tables Project 1 Websimon-tables 2024-11-21 3.5 LOW 4.8 MEDIUM
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.
CVE-2015-9400 1 Typomedia 1 Wordpress Meta Robots 2024-11-21 6.5 MEDIUM 8.8 HIGH
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
CVE-2015-9399 1 Trivetechnology 1 Wp-stats-dashboard 2024-11-21 6.5 MEDIUM 7.2 HIGH
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
CVE-2015-9398 1 Webmaster-source 1 Gocodes 2024-11-21 6.5 MEDIUM 8.8 HIGH
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
CVE-2015-9397 1 Webmaster-source 1 Gocodes 2024-11-21 3.5 LOW 5.4 MEDIUM
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.
CVE-2015-9396 1 Attosoft 1 Auto Thickbox Plus 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.
CVE-2015-9395 1 Usersultra 1 Users Ultra Membership 2024-11-21 6.5 MEDIUM 8.8 HIGH
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
CVE-2015-9394 1 Usersultra 1 Users Ultra Membership 2024-11-21 6.8 MEDIUM 8.8 HIGH
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.
CVE-2015-9393 1 Usersultra 1 Users Ultra Membership 2024-11-21 3.5 LOW 5.4 MEDIUM
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.
CVE-2015-9392 1 Usersultra 1 Users Ultra Membership 2024-11-21 3.5 LOW 5.4 MEDIUM
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.
CVE-2015-9391 1 Ostenta 1 Yawpp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.
CVE-2015-9390 1 Admin Management Xtended Project 1 Admin Management Xtended 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
CVE-2015-9389 1 Mtouch Quiz Project 1 Mtouch Quiz 2024-11-21 3.5 LOW 5.4 MEDIUM
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.