Total
6078 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9424 | 1 Doc4design | 1 Multicons | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | |||||
| CVE-2015-9422 | 1 Simplysymphony | 1 Plugnedit | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | |||||
| CVE-2015-9421 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | |||||
| CVE-2015-9418 | 1 Kibokolabs | 1 Watupro | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM |
| The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | |||||
| CVE-2015-9417 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | |||||
| CVE-2015-9413 | 1 Eshop Project | 1 Eshop | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | |||||
| CVE-2015-9409 | 1 Alo-easymail Project | 1 Alo-easymail | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. | |||||
| CVE-2015-9408 | 1 Cyberseo | 1 Xpinner Lite | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | |||||
| CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | |||||
| CVE-2015-9388 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | |||||
| CVE-2015-9387 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | |||||
| CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | |||||
| CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | |||||
| CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | |||||
| CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | |||||
| CVE-2015-9309 | 1 Flippercode | 1 Wp Google Map | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | |||||
| CVE-2015-9308 | 1 Flippercode | 1 Wp Google Map | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | |||||
| CVE-2015-9307 | 1 Flippercode | 1 Wp Google Map | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | |||||
| CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | |||||
| CVE-2015-9284 | 1 Omniauth | 1 Omniauth | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. | |||||