New vulnerabilities from the NVD: CVE-2016-10966 | | The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. Published at: September 16, 2019 at 04:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10965 | | The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. Published at: September 16, 2019 at 04:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10964 | | |
New vulnerabilities from the NVD: CVE-2016-10963 | | |
New vulnerabilities from the NVD: CVE-2016-10962 | | The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. Published at: September 16, 2019 at 04:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10961 | | |
New vulnerabilities from the NVD: CVE-2016-10960 | | The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. Published at: September 16, 2019 at 04:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10959 | | The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. Published at: September 16, 2019 at 04:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10958 | | The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. Published at: September 16, 2019 at 04:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10957 | | The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. Published at: September 16, 2019 at 04:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10956 | | The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. Published at: September 16, 2019 at 03:15PM View on website September 16, 2019 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9391 | | |
New vulnerabilities from the NVD: CVE-2015-9390 | | The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. Published at: September 20, 2019 at 06:15PM View on website September 20, 2019 at 07:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9389 | | |
New vulnerabilities from the NVD: CVE-2015-9388 | | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. Published at: September 20, 2019 at 06:15PM View on website September 20, 2019 at 07:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9387 | | |
New vulnerabilities from the NVD: CVE-2015-9386 | | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. Published at: September 20, 2019 at 06:15PM View on website September 20, 2019 at 07:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9385 | | |
New vulnerabilities from the NVD: CVE-2015-9384 | | |
New vulnerabilities from the NVD: CVE-2015-9408 | | The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. Published at: September 20, 2019 at 07:15PM View on website September 20, 2019 at 09:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9407 | | |
New vulnerabilities from the NVD: CVE-2015-9405 | | |
New vulnerabilities from the NVD: CVE-2015-9404 | | |
New vulnerabilities from the NVD: CVE-2015-9403 | | |
New vulnerabilities from the NVD: CVE-2015-9402 | | The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. Published at: September 20, 2019 at 07:15PM View on website September 20, 2019 at 09:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9401 | | The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. Published at: September 20, 2019 at 07:15PM View on website September 20, 2019 at 09:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9400 | | The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. Published at: September 20, 2019 at 07:15PM View on website September 20, 2019 at 09:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9399 | | The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. Published at: September 20, 2019 at 07:15PM View on website September 20, 2019 at 09:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9398 | | |
New vulnerabilities from the NVD: CVE-2015-9397 | | |
New vulnerabilities from the NVD: CVE-2015-9396 | | The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. Published at: September 20, 2019 at 07:15PM View on website September 20, 2019 at 09:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9395 | | |
New vulnerabilities from the NVD: CVE-2015-9394 | | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. Published at: September 20, 2019 at 07:15PM View on website September 20, 2019 at 09:40PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9393 | | |
New vulnerabilities from the NVD: CVE-2015-9392 | | |
New vulnerabilities from the NVD: CVE-2015-9406 | | Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. Published at: September 20, 2019 at 11:15PM View on website September 21, 2019 at 01:40AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-10397 | | The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. Published at: September 20, 2019 at 11:15PM View on website September 21, 2019 at 01:40AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-10396 | | The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. Published at: September 20, 2019 at 11:15PM View on website September 21, 2019 at 01:40AM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар