| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 33051 | CVE-2015-1000013 | 434 | | | 2016-10-06 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Remote file upload vulnerability in WordPress plugin csv2wpec-coupon v1.1 |
| 33052 | CVE-2015-1000012 | 200 | | +Info File Inclusion | 2016-10-06 | 2017-01-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Local File Inclusion Vulnerability in mypixs v0.3 WordPress plugin |
| 33053 | CVE-2015-1000010 | 284 | | | 2016-10-06 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Remote file download in simple-image-manipulator v1.0 WordPress plugin |
| 33054 | CVE-2015-1000009 | 284 | | | 2016-10-06 | 2016-10-26 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | Open proxy in WordPress plugin google-adsense-and-hotel-booking v1.05 |
| 33055 | CVE-2015-1000008 | 200 | | +Info | 2016-10-06 | 2016-10-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Path Disclosure Vulnerability in WordPress plugin MP3-jPlayer v2.3.2 |
| 33056 | CVE-2015-1000007 | 285 | | | 2016-10-06 | 2016-10-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Remote file download vulnerability in wptf-image-gallery v1.03 |
| 33057 | CVE-2015-1000006 | 22 | | Dir. Trav. | 2016-10-06 | 2017-03-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Remote file download vulnerability in recent-backups v0.7 WordPress plugin |
| 33058 | CVE-2015-1000005 | 22 | | Dir. Trav. | 2016-10-06 | 2017-03-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Remote file download vulnerability in candidate-application-form v1.0 WordPress plugin |
| 33059 | CVE-2015-1000004 | 79 | | XSS | 2016-10-06 | 2017-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | XSS in filedownload v1.4 WordPress plugin |
| 33060 | CVE-2015-1000002 | 20 | | | 2016-10-06 | 2017-03-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open Proxy in filedownload v1.4 WordPress plugin |
| 33061 | CVE-2015-1000001 | 434 | | | 2016-10-06 | 2017-03-06 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Remote file upload vulnerability in fast-image-adder v1.1 WordPress plugin |
| 33062 | CVE-2015-1000000 | 434 | | | 2016-10-06 | 2016-10-26 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Remote file upload vulnerability in mailcwp v1.99 WordPress plugin |
| 33063 | CVE-2015-9480 | 22 | | Dir. Trav. | 2019-10-10 | 2019-10-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. |
| 33064 | CVE-2015-9478 | 79 | | XSS | 2019-10-10 | 2019-10-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. |
| 33065 | CVE-2015-9477 | 276 | | | 2019-10-10 | 2019-10-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. |
| 33066 | CVE-2015-9476 | 276 | | | 2019-10-10 | 2019-10-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. |
| 33067 | CVE-2015-9473 | 22 | | Dir. Trav. | 2019-10-10 | 2019-10-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter. |
| 33068 | CVE-2015-9472 | 79 | | XSS | 2019-10-10 | 2019-10-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. |
| 33069 | CVE-2015-9468 | 79 | | XSS | 2019-10-10 | 2019-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. |
| 33070 | CVE-2015-9465 | 89 | | Sql | 2019-10-10 | 2019-10-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter. |
| 33071 | CVE-2015-9464 | 22 | | Dir. Trav. | 2019-10-10 | 2019-10-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. |
| 33072 | CVE-2015-9463 | 22 | | Dir. Trav. | 2019-10-10 | 2019-10-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. |
| 33073 | CVE-2015-9462 | 89 | | Sql | 2019-10-10 | 2019-10-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. |
| 33074 | CVE-2015-9461 | 89 | | Sql | 2019-10-10 | 2019-10-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. |
| 33075 | CVE-2015-9460 | 89 | | Sql | 2019-10-10 | 2019-10-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. |
| 33076 | CVE-2015-9459 | 79 | | XSS | 2019-10-10 | 2019-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. |
| 33077 | CVE-2015-9458 | 89 | | Sql CSRF | 2019-10-10 | 2019-10-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. |
| 33078 | CVE-2015-9456 | 732 | | | 2019-10-07 | 2019-10-10 | 4.0 | None | Remote | Low | Single system | None | Partial | None | The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. |
| 33079 | CVE-2015-9454 | 89 | | Sql | 2019-10-07 | 2019-10-10 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. |
| 33080 | CVE-2015-9453 | 79 | | XSS | 2019-10-07 | 2019-10-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. |
| 33081 | CVE-2015-9449 | 89 | | Sql | 2019-09-25 | 2019-09-26 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. |
| 33082 | CVE-2015-9448 | 89 | | Sql | 2019-09-26 | 2019-09-26 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. |
| 33083 | CVE-2015-9447 | 352 | | Sql CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. |
| 33084 | CVE-2015-9446 | 89 | | Sql | 2019-09-26 | 2019-09-26 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. |
| 33085 | CVE-2015-9445 | 352 | | Sql CSRF | 2019-09-26 | 2019-09-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. |
| 33086 | CVE-2015-9444 | 79 | | XSS | 2019-09-26 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. |
| 33087 | CVE-2015-9443 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. |
| 33088 | CVE-2015-9442 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. |
| 33089 | CVE-2015-9441 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. |
| 33090 | CVE-2015-9440 | 352 | | XSS CSRF | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. |
| 33091 | CVE-2015-9439 | 79 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. |
| 33092 | CVE-2015-9438 | 79 | | XSS | 2019-09-25 | 2019-09-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. |
| 33093 | CVE-2015-9437 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. |
| 33094 | CVE-2015-9436 | 79 | | XSS | 2019-09-25 | 2019-09-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. |
| 33095 | CVE-2015-9434 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. |
| 33096 | CVE-2015-9433 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. |
| 33097 | CVE-2015-9432 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. |
| 33098 | CVE-2015-9431 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. |
| 33099 | CVE-2015-9430 | 79 | | XSS | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. |
| 33100 | CVE-2015-9429 | 352 | | XSS CSRF | 2019-09-25 | 2019-09-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. |