# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
27201 |
CVE-2016-1000150 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin simplified-content v1.0.0 |
27202 |
CVE-2016-1000149 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 |
27203 |
CVE-2016-1000148 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin s3-video v0.983 |
27204 |
CVE-2016-1000147 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin recipes-writer v1.0.4 |
27205 |
CVE-2016-1000146 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin pondol-formmail v1.1 |
27206 |
CVE-2016-1000145 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin pondol-carousel v1.0 |
27207 |
CVE-2016-1000144 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin photoxhibit v2.1.8 |
27208 |
CVE-2016-1000143 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin photoxhibit v2.1.8 |
27209 |
CVE-2016-1000142 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin parsi-font v4.2.5 |
27210 |
CVE-2016-1000141 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin page-layout-builder v1.9.3 |
27211 |
CVE-2016-1000140 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin new-year-firework v1.1.9 |
27212 |
CVE-2016-1000139 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin infusionsoft v1.5.11 |
27213 |
CVE-2016-1000138 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin indexisto v1.0.5 |
27214 |
CVE-2016-1000137 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 |
27215 |
CVE-2016-1000136 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin heat-trackr v1.0 |
27216 |
CVE-2016-1000135 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin hdw-tube v1.2 |
27217 |
CVE-2016-1000134 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin hdw-tube v1.2 |
27218 |
CVE-2016-1000133 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 |
27219 |
CVE-2016-1000132 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 |
27220 |
CVE-2016-1000131 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin e-search v1.0 |
27221 |
CVE-2016-1000130 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin e-search v1.0 |
27222 |
CVE-2016-1000129 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin defa-online-image-protector v3.3 |
27223 |
CVE-2016-1000128 |
79 |
|
XSS |
2016-10-10 |
2016-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin anti-plagiarism v3.60 |
27224 |
CVE-2016-1000127 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin ajax-random-post v2.00 |
27225 |
CVE-2016-1000126 |
79 |
|
XSS |
2016-10-10 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS in wordpress plugin admin-font-editor v1.8 |
27226 |
CVE-2016-1000122 |
89 |
|
Sql XSS |
2016-10-27 |
2016-12-22 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
27227 |
CVE-2016-1000121 |
79 |
|
XSS |
2016-10-27 |
2016-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
27228 |
CVE-2016-1000120 |
89 |
|
Sql XSS |
2016-10-27 |
2016-12-22 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla |
27229 |
CVE-2016-1000119 |
79 |
|
XSS |
2016-10-21 |
2018-05-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla |
27230 |
CVE-2016-1000118 |
79 |
|
XSS |
2016-10-21 |
2018-05-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
XSS & SQLi in HugeIT slideshow v1.0.4 |
27231 |
CVE-2016-1000117 |
79 |
|
XSS |
2016-10-21 |
2017-01-05 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
XSS & SQLi in HugeIT slideshow v1.0.4 |
27232 |
CVE-2016-1000116 |
79 |
|
Sql XSS |
2016-10-21 |
2017-03-27 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS |
27233 |
CVE-2016-1000115 |
79 |
|
Sql XSS |
2016-10-21 |
2017-11-13 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS |
27234 |
CVE-2016-1000114 |
79 |
|
XSS |
2016-10-06 |
2018-05-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
XSS in huge IT gallery v1.1.5 for Joomla |
27235 |
CVE-2016-1000033 |
295 |
|
|
2016-10-25 |
2017-02-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. |
27236 |
CVE-2016-1000032 |
284 |
|
|
2016-10-25 |
2017-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. |
27237 |
CVE-2016-1000009 |
254 |
|
|
2016-10-06 |
2018-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. |
27238 |
CVE-2016-1000007 |
79 |
|
XSS |
2016-10-07 |
2017-02-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Pagure 2.2.1 XSS in raw file endpoint |
27239 |
CVE-2016-1000001 |
601 |
|
|
2016-10-07 |
2017-02-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect |
27240 |
CVE-2016-1000000 |
89 |
|
Sql |
2016-10-06 |
2017-11-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection |
27241 |
CVE-2016-11013 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. |
27242 |
CVE-2016-11012 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. |
27243 |
CVE-2016-11011 |
269 |
|
|
2019-09-20 |
2019-09-20 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. |
27244 |
CVE-2016-11010 |
668 |
|
|
2019-09-20 |
2019-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. |
27245 |
CVE-2016-11009 |
668 |
|
|
2019-09-20 |
2019-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. |
27246 |
CVE-2016-11008 |
668 |
|
|
2019-09-20 |
2019-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. |
27247 |
CVE-2016-11007 |
668 |
|
|
2019-09-20 |
2019-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. |
27248 |
CVE-2016-11006 |
668 |
|
|
2019-09-20 |
2019-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. |
27249 |
CVE-2016-11005 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. |
27250 |
CVE-2016-11004 |
269 |
|
|
2019-09-20 |
2019-09-20 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. |