|
267271
|
4.8 |
MEDIUM
Network
|
addthis
|
addthis
|
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9439
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267272
|
5.4 |
MEDIUM
Network
|
display-widgets_project
|
display-widgets
|
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9438
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267273
|
6.5 |
MEDIUM
Network
|
qurl
|
dynamic_widgets
|
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9437
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267274
|
5.4 |
MEDIUM
Network
|
qurl
|
dynamic_widgets
|
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9436
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267275
|
9.8 |
CRITICAL
Network
|
dash10
|
oauth_server
|
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2015-9435
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267276
|
6.5 |
MEDIUM
Network
|
kiwi-logo-carousel_project
|
kiwi-logo-carousel
|
The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9434
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267277
|
6.5 |
MEDIUM
Network
|
wp_social_bookmarking_light_project
|
wp_social_bookmarking_light
|
The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp…
|
CWE-352
Origin Validation Error
|
CVE-2015-9433
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267278
|
6.5 |
MEDIUM
Network
|
thealpinepress
|
alpine-photo-tile-for-instagram
|
The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9432
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267279
|
6.5 |
MEDIUM
Network
|
qtranslate_x_project
|
qtranslate_x
|
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-9431
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267280
|
7.2 |
HIGH
Network
|
efficientscripts
|
microblog_poster
|
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-9449
|
2024-11-21 11:40 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
