Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Total 316116 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10959 1 Estatik 1 Estatik 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
CVE-2016-10958 1 Estatik 1 Estatik 2024-11-21 5.0 MEDIUM 7.5 HIGH
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.
CVE-2016-10957 1 Akal Project 1 Akal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.
CVE-2016-10956 1 Mail-masta Project 1 Mail-masta 2024-11-21 5.0 MEDIUM 7.5 HIGH
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
CVE-2016-10955 1 Cysteme 1 Cysteme-finder 2024-11-21 7.5 HIGH 9.8 CRITICAL
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.
CVE-2016-10954 1 Dynamicpress 1 Neosense 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.
CVE-2016-10953 1 Headwaythemes 1 Headway 2024-11-21 3.5 LOW 5.4 MEDIUM
The Headway theme before 3.8.9 for WordPress has XSS via the license key field.
CVE-2016-10952 1 Quotes Collection Project 1 Quotes Collection 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.
CVE-2016-10951 1 Firestormplugins 1 Fs-shopping-cart 2024-11-21 6.5 MEDIUM 7.2 HIGH
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
CVE-2016-10950 1 Sirv 1 Sirv 2024-11-21 6.5 MEDIUM 8.8 HIGH
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
CVE-2016-10949 1 Relevanssi 1 Relevanssi 2024-11-21 6.8 MEDIUM 8.8 HIGH
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
CVE-2016-10948 1 Post Indexer Project 1 Post Indexer 2024-11-21 6.8 MEDIUM 8.1 HIGH
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.
CVE-2016-10947 1 Post Indexer Project 1 Post Indexer 2024-11-21 6.5 MEDIUM 7.2 HIGH
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.
CVE-2016-10946 1 Wp-d3 Project 1 Wp-d3 2024-11-21 6.8 MEDIUM 8.8 HIGH
The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
CVE-2016-10945 1 Pagelines 1 Pagelines 2024-11-21 6.8 MEDIUM 8.8 HIGH
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.
CVE-2016-10944 1 Wpmaz 1 Multisite Post Duplicator 2024-11-21 6.8 MEDIUM 8.8 HIGH
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
CVE-2016-10943 1 Zx-csv-upload Project 1 Zx-csv-upload 2024-11-21 6.5 MEDIUM 7.2 HIGH
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
CVE-2016-10942 1 Podlove 1 Podlove Podcast Publisher 2024-11-21 7.5 HIGH 9.8 CRITICAL
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
CVE-2016-10941 1 Podlove 1 Podlove Podcast Publisher 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
CVE-2016-10940 1 Zm-gallery Project 1 Zm-gallery 2024-11-21 6.5 MEDIUM 7.2 HIGH
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.