|
273691
|
7.2 |
HIGH
Network
|
caseproof
|
pretty_link
|
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9457
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273692
|
6.5 |
MEDIUM
Network
|
orbisius
|
child_theme_creator
|
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=sav…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2015-9456
|
2024-11-21 11:40 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273693
|
8.1 |
HIGH
Network
|
incsub
|
buddypress-activity-plus
|
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
|
CWE-352
Origin Validation Error
|
CVE-2015-9455
|
2024-11-21 11:40 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273694
|
8.8 |
HIGH
Network
|
slidervilla
|
smooth_slider
|
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9454
|
2024-11-21 11:40 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273695
|
6.1 |
MEDIUM
Network
|
k-78
|
broken_link_manager
|
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9453
|
2024-11-21 11:40 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273696
|
9.8 |
CRITICAL
Network
|
nex-forms_-_ultimate_form_builder_project
|
nex-forms_-_ultimate_form_builder
|
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9452
|
2024-11-21 11:40 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273697
|
9.8 |
CRITICAL
Network
|
sizmic
|
plugmatter_optin_feature_box
|
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9451
|
2024-11-21 11:40 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273698
|
9.8 |
CRITICAL
Network
|
sizmic
|
plugmatter_optin_feature_box
|
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9450
|
2024-11-21 11:40 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273699
|
8.8 |
HIGH
Network
|
pressified
|
sendpress
|
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9448
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273700
|
6.5 |
MEDIUM
Network
|
unitegallery
|
unite_gallery_lite
|
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
|
CWE-352
Origin Validation Error
|
CVE-2015-9447
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
