Total: 6078 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0295 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. | |||||
CVE-2016-0272 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052. | |||||
CVE-2015-9498 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. | |||||
CVE-2015-9497 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | |||||
CVE-2015-9455 | 1 Incsub | 1 Buddypress-activity-plus | 2024-11-21 | 7.8 HIGH | 8.1 HIGH |
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | |||||
CVE-2015-9447 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | |||||
CVE-2015-9445 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | |||||
CVE-2015-9443 | 1 Wp Accurate Form Data Project | 1 Wp Accurate Form Data | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | |||||
CVE-2015-9442 | 1 Avenirsoft | 1 Directdownload | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. | |||||
CVE-2015-9441 | 1 Bookmarkify Project | 1 Bookmarkify | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. | |||||
CVE-2015-9440 | 1 Monetize Project | 1 Monetize | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | |||||
CVE-2015-9437 | 1 Qurl | 1 Dynamic Widgets | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | |||||
CVE-2015-9434 | 1 Kiwi-logo-carousel Project | 1 Kiwi-logo-carousel | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | |||||
CVE-2015-9433 | 1 Wp Social Bookmarking Light Project | 1 Wp Social Bookmarking Light | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. | |||||
CVE-2015-9432 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | |||||
CVE-2015-9431 | 1 Qtranslate X Project | 1 Qtranslate X | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | |||||
CVE-2015-9429 | 1 Yithemes | 1 Yith Maintenance Mode | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | |||||
CVE-2015-9428 | 1 Wplegalpages | 1 Wp Legal Pages | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | |||||
CVE-2015-9427 | 1 Googmonify Project | 1 Googmonify | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | |||||
CVE-2015-9425 | 1 Byonepress | 1 Social Locker | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. |