| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 41501 | CVE-2015-9385 | 79 | | XSS | 2019-09-20 | 2019-09-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The quotes-and-tips plugin before 1.20 for WordPress has XSS. |
| 41502 | CVE-2015-9384 | 79 | | XSS | 2019-09-20 | 2019-09-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The relevant plugin before 1.0.8 for WordPress has XSS. |
| 41503 | CVE-2015-9383 | 125 | | | 2019-09-03 | 2019-09-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. |
| 41504 | CVE-2015-9382 | 125 | | | 2019-09-03 | 2019-09-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. |
| 41505 | CVE-2015-9381 | 125 | | | 2019-09-03 | 2019-09-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. |
| 41506 | CVE-2015-9380 | 352 | | CSRF | 2019-08-30 | 2019-09-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The photo-gallery plugin before 1.2.42 for WordPress has CSRF. |
| 41507 | CVE-2015-9379 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41508 | CVE-2015-9378 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41509 | CVE-2015-9377 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41510 | CVE-2015-9376 | 79 | | XSS | 2019-08-28 | 2019-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41511 | CVE-2015-9375 | 79 | | XSS | 2019-08-28 | 2019-09-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41512 | CVE-2015-9374 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41513 | CVE-2015-9373 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41514 | CVE-2015-9372 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41515 | CVE-2015-9371 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41516 | CVE-2015-9370 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41517 | CVE-2015-9369 | 79 | | XSS | 2019-08-28 | 2019-09-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41518 | CVE-2015-9368 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41519 | CVE-2015-9367 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41520 | CVE-2015-9366 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41521 | CVE-2015-9365 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41522 | CVE-2015-9364 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | 2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41523 | CVE-2015-9363 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41524 | CVE-2015-9362 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41525 | CVE-2015-9361 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41526 | CVE-2015-9360 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41527 | CVE-2015-9359 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41528 | CVE-2015-9358 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| 41529 | CVE-2015-9357 | 79 | | XSS | 2019-08-28 | 2019-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The akismet plugin before 3.1.5 for WordPress has XSS. |
| 41530 | CVE-2015-9356 | 79 | | XSS | 2019-08-28 | 2019-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. |
| 41531 | CVE-2015-9355 | 79 | | XSS | 2019-08-28 | 2019-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. |
| 41532 | CVE-2015-9353 | 89 | | Sql | 2019-08-28 | 2019-09-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. |
| 41533 | CVE-2015-9352 | 89 | | Sql | 2019-08-27 | 2019-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The wp-polls plugin before 2.72 for WordPress has SQL injection. |
| 41534 | CVE-2015-9351 | 20 | | Exec Code | 2019-08-27 | 2019-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. |
| 41535 | CVE-2015-9350 | 79 | | XSS | 2019-08-27 | 2019-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. |
| 41536 | CVE-2015-9349 | 79 | | XSS | 2019-08-27 | 2019-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. |
| 41537 | CVE-2015-9348 | 20 | | | 2019-08-27 | 2019-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. |
| 41538 | CVE-2015-9347 | 79 | | XSS | 2019-08-27 | 2019-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. |
| 41539 | CVE-2015-9346 | 79 | | XSS | 2019-08-27 | 2019-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The cp-polls plugin before 1.0.5 for WordPress has XSS. |
| 41540 | CVE-2015-9345 | 20 | | Http R.Spl. | 2019-08-27 | 2019-08-28 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. |
| 41541 | CVE-2015-9344 | 89 | | Sql | 2019-08-27 | 2019-09-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The link-log plugin before 2.1 for WordPress has SQL injection. |
| 41542 | CVE-2015-9343 | 352 | | CSRF | 2019-08-27 | 2019-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. |
| 41543 | CVE-2015-9342 | 79 | | XSS | 2019-08-27 | 2019-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The wp-rollback plugin before 1.2.3 for WordPress has XSS. |
| 41544 | CVE-2015-9341 | 434 | | | 2019-08-22 | 2019-08-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. |
| 41545 | CVE-2015-9340 | 434 | | | 2019-08-22 | 2019-08-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. |
| 41546 | CVE-2015-9339 | 434 | | | 2019-08-22 | 2019-08-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. |
| 41547 | CVE-2015-9338 | 434 | | | 2019-08-22 | 2019-08-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. |
| 41548 | CVE-2015-9337 | 284 | | | 2019-08-22 | 2019-08-26 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. |
| 41549 | CVE-2015-9336 | 79 | | XSS | 2019-08-22 | 2019-08-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The clean-login plugin before 1.5.1 for WordPress has reflected XSS. |
| 41550 | CVE-2015-9335 | 89 | | Sql | 2019-08-22 | 2019-08-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. |