Export limit exceeded: 75148 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75148 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9464 | 1 S3bubble | 1 S3bubble-amazon-s3-html-5-video-with-adverts | 2024-11-21 | 7.5 High |
| The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | ||||
| CVE-2015-9463 | 1 S3bubble | 1 S3bubble-amazon-s3-audio-streaming | 2024-11-21 | 7.5 High |
| The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | ||||
| CVE-2015-9462 | 1 Awesome Filterable Portfolio Project | 1 Awesome Filterable Portfolio | 2024-11-21 | 7.2 High |
| The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. | ||||
| CVE-2015-9461 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2024-11-21 | 7.2 High |
| The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. | ||||
| CVE-2015-9460 | 1 Pinpoint | 1 Pinpoint Booking System | 2024-11-21 | 8.8 High |
| The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | ||||
| CVE-2015-9458 | 1 Seo Searchterms Tagging 2 Project | 1 Seo Searchterms Tagging 2 | 2024-11-21 | 7.2 High |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. | ||||
| CVE-2015-9455 | 1 Incsub | 1 Buddypress-activity-plus | 2024-11-21 | 8.1 High |
| The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | ||||
| CVE-2015-9454 | 1 Slidervilla | 1 Smooth Slider | 2024-11-21 | 8.8 High |
| The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. | ||||
| CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2024-11-21 | 7.2 High |
| The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | ||||
| CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2024-11-21 | 8.8 High |
| The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | ||||
| CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 8.8 High |
| The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | ||||
| CVE-2015-9445 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 8.8 High |
| The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | ||||
| CVE-2015-9415 | 1 Angrycreative | 1 Bj Lazy Load | 2024-11-21 | 7.5 High |
| The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | ||||
| CVE-2015-9406 | 1 Mtheme-unus Project | 1 Mtheme-unus | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | ||||
| CVE-2015-9402 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | ||||
| CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2024-11-21 | 8.8 High |
| The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | ||||
| CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2024-11-21 | 7.2 High |
| The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | ||||
| CVE-2015-9398 | 1 Webmaster-source | 1 Gocodes | 2024-11-21 | 8.8 High |
| The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | ||||
| CVE-2015-9395 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | ||||
| CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | ||||