|
267211
|
6.1 |
MEDIUM
Network
|
exquisite_ultimate_newspaper_project
|
exquisite_ultimate_newspaper
|
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9500
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267212
|
9.8 |
CRITICAL
Network
|
themepunch
|
showbiz_pro
|
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-9499
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267213
|
8.8 |
HIGH
Network
|
wpserveur
|
wps_hide_login
|
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
|
CWE-352
Origin Validation Error
|
CVE-2015-9498
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267214
|
8.8 |
HIGH
Network
|
ad_inserter_project
|
ad_inserter
|
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
|
CWE-352
Origin Validation Error
|
CVE-2015-9497
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267215
|
8.8 |
HIGH
Network
|
freshmail
|
freshmail-newsletter
|
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
|
CWE-89
SQL Injection
|
CVE-2015-9496
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267216
|
6.1 |
MEDIUM
Network
|
syndication_links_project
|
syndication_links
|
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9495
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267217
|
6.1 |
MEDIUM
Network
|
indieweb_post_kinds_project
|
indieweb_post_kinds
|
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9494
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267218
|
6.1 |
MEDIUM
Network
|
nlb-creationst
|
my_wish_list
|
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9493
|
2024-11-21 11:40 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267219
|
7.5 |
HIGH
Network
|
smartit_premium_responsive_project
|
smartit_premium_responsive
|
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a …
|
CWE-200
Information Exposure
|
CVE-2015-9492
|
2024-11-21 11:40 |
2019-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267220
|
7.5 |
HIGH
Network
|
blessing_premium_responsive_project
|
blessing_premium_responsive
|
The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a…
|
CWE-200
Information Exposure
|
CVE-2015-9491
|
2024-11-21 11:40 |
2019-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
