Unknown · CVSS Not scored
The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.
Published Oct 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.
Published Oct 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published Oct 11, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published Oct 11, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published Oct 11, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published Oct 11, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
Published Oct 7, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
Published Oct 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published Oct 11, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
Published Oct 7, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Published Oct 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.
Published Oct 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
Published Oct 10, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published Oct 11, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published Oct 23, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
Published Oct 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
Published Oct 10, 2019 · Updated Aug 6, 2024