Unknown · CVSS Not scored
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
Published Aug 28, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The visitors-online plugin before 0.4 for WordPress has SQL injection.
Published Aug 16, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-rollback plugin before 1.2.3 for WordPress has CSRF.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-rollback plugin before 1.2.3 for WordPress has XSS.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The events-manager plugin before 5.6 for WordPress has XSS.
Published Aug 13, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.
Published Aug 21, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.
Published Aug 21, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
Published Aug 14, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
Published Aug 14, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
Published Aug 12, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
Published Aug 14, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
Published Aug 16, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
Published Aug 12, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
Published Aug 16, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.
Published Aug 13, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.
Published Aug 13, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The cp-polls plugin before 1.0.5 for WordPress has XSS.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
Published Aug 27, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.
Published Aug 13, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The profile-builder plugin before 2.2.5 for WordPress has XSS.
Published Aug 21, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
Published Aug 14, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The contact-form-plugin plugin before 3.96 for WordPress has XSS.
Published Aug 13, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
Published Aug 1, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.
Published Aug 12, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
Published Aug 16, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.
Published Aug 16, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
Published Aug 14, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.
Published Aug 12, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The liveforms plugin before 3.2.0 for WordPress has SQL injection.
Published Aug 13, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
Published Aug 14, 2019 · Updated Aug 6, 2024