|
267241
|
7.5 |
HIGH
Network
|
ionadas
|
history_collection
|
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
|
CWE-22
Path Traversal
|
CVE-2015-9470
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267242
|
4.8 |
MEDIUM
Network
|
cybercraftit
|
content-grabber
|
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9469
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267243
|
6.1 |
MEDIUM
Network
|
k-78
|
broken_link_manager
|
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9468
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267244
|
9.8 |
CRITICAL
Network
|
k-78
|
broken_link_manager
|
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9467
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267245
|
9.8 |
CRITICAL
Network
|
webtechideas
|
wti_like_post
|
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED vari…
|
CWE-89
SQL Injection
|
CVE-2015-9466
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267246
|
8.8 |
HIGH
Network
|
yet_another_stars_rating_project
|
yet_another_stars_rating
|
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9465
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267247
|
7.5 |
HIGH
Network
|
s3bubble
|
s3bubble-amazon-s3-audio-streaming
|
The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
|
CWE-22
Path Traversal
|
CVE-2015-9463
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267248
|
7.5 |
HIGH
Network
|
s3bubble
|
s3bubble-amazon-s3-html-5-video-with-adverts
|
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
|
CWE-22
Path Traversal
|
CVE-2015-9464
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267249
|
7.2 |
HIGH
Network
|
awesome_filterable_portfolio_project
|
awesome_filterable_portfolio
|
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9462
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267250
|
7.2 |
HIGH
Network
|
brinidesigner
|
awesome_filterable_portfolio
|
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9461
|
2024-11-21 11:40 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
