# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
33101 |
CVE-2015-9428 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. |
33102 |
CVE-2015-9427 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. |
33103 |
CVE-2015-9426 |
79 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. |
33104 |
CVE-2015-9425 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. |
33105 |
CVE-2015-9424 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. |
33106 |
CVE-2015-9423 |
79 |
|
XSS |
2019-09-25 |
2019-09-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. |
33107 |
CVE-2015-9422 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. |
33108 |
CVE-2015-9421 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. |
33109 |
CVE-2015-9420 |
79 |
|
XSS |
2019-09-25 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. |
33110 |
CVE-2015-9419 |
79 |
|
XSS |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. |
33111 |
CVE-2015-9418 |
352 |
|
CSRF |
2019-09-25 |
2019-09-27 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. |
33112 |
CVE-2015-9417 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. |
33113 |
CVE-2015-9416 |
79 |
|
XSS |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. |
33114 |
CVE-2015-9415 |
20 |
|
File Inclusion |
2019-09-25 |
2019-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. |
33115 |
CVE-2015-9414 |
79 |
|
XSS |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. |
33116 |
CVE-2015-9413 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. |
33117 |
CVE-2015-9412 |
79 |
|
XSS |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. |
33118 |
CVE-2015-9411 |
79 |
|
XSS |
2019-09-25 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The Postmatic plugin before 1.4.6 for WordPress has XSS. |
33119 |
CVE-2015-9410 |
79 |
|
XSS |
2019-09-25 |
2019-09-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter. |
33120 |
CVE-2015-9409 |
352 |
|
XSS CSRF |
2019-09-25 |
2019-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. |
33121 |
CVE-2015-9408 |
352 |
|
XSS CSRF |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. |
33122 |
CVE-2015-9407 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. |
33123 |
CVE-2015-9406 |
22 |
|
Dir. Trav. |
2019-09-20 |
2019-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. |
33124 |
CVE-2015-9405 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The wp-piwik plugin before 1.0.5 for WordPress has XSS. |
33125 |
CVE-2015-9404 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. |
33126 |
CVE-2015-9403 |
79 |
|
XSS |
2019-09-20 |
2019-09-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. |
33127 |
CVE-2015-9402 |
434 |
|
|
2019-09-20 |
2019-09-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. |
33128 |
CVE-2015-9401 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. |
33129 |
CVE-2015-9400 |
89 |
|
Sql |
2019-09-20 |
2019-09-20 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. |
33130 |
CVE-2015-9399 |
89 |
|
Sql |
2019-09-20 |
2019-09-20 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. |
33131 |
CVE-2015-9398 |
89 |
|
Sql |
2019-09-20 |
2019-09-20 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. |
33132 |
CVE-2015-9397 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. |
33133 |
CVE-2015-9396 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. |
33134 |
CVE-2015-9395 |
89 |
|
Sql |
2019-09-20 |
2019-09-20 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. |
33135 |
CVE-2015-9394 |
352 |
|
CSRF |
2019-09-20 |
2019-09-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. |
33136 |
CVE-2015-9393 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. |
33137 |
CVE-2015-9392 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. |
33138 |
CVE-2015-9391 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. |
33139 |
CVE-2015-9390 |
269 |
|
|
2019-09-20 |
2019-09-23 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. |
33140 |
CVE-2015-9389 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. |
33141 |
CVE-2015-9388 |
352 |
|
XSS CSRF |
2019-09-20 |
2019-09-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. |
33142 |
CVE-2015-9387 |
352 |
|
CSRF |
2019-09-20 |
2019-09-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. |
33143 |
CVE-2015-9386 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. |
33144 |
CVE-2015-9385 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The quotes-and-tips plugin before 1.20 for WordPress has XSS. |
33145 |
CVE-2015-9384 |
79 |
|
XSS |
2019-09-20 |
2019-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The relevant plugin before 1.0.8 for WordPress has XSS. |
33146 |
CVE-2015-9383 |
125 |
|
|
2019-09-03 |
2019-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. |
33147 |
CVE-2015-9382 |
125 |
|
|
2019-09-03 |
2019-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. |
33148 |
CVE-2015-9381 |
125 |
|
|
2019-09-03 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. |
33149 |
CVE-2015-9380 |
352 |
|
CSRF |
2019-08-30 |
2019-09-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The photo-gallery plugin before 1.2.42 for WordPress has CSRF. |
33150 |
CVE-2015-9379 |
79 |
|
XSS |
2019-08-28 |
2019-09-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). |