Total
6075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9401 | 1 Wp Limit Posts Automatically Project | 1 Wp Limit Posts Automatically | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9400 | 1 Wp Unique Article Header Image Project | 1 Wp Unique Article Header Image | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9399 | 1 Tweetscribe Project | 1 Tweetscribe | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9398 | 1 Twitter Liveblog Project | 1 Twitter Liveblog | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the twitter-liveblog.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9397 | 1 Twimp-wp Project | 1 Twimp-wp | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9396 | 1 Simpleflickr Project | 1 Simpleflickr | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9395 | 1 Simplelife Project | 1 Simplelife | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9394 | 1 Pwgrandom Project | 1 Pwgrandom | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. | |||||
| CVE-2014-9393 | 1 Post To Twitter Project | 1 Post To Twitter | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php. | |||||
| CVE-2014-9392 | 1 Pictobrowser Project | 1 Pictobrowser | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter in the options-page.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9391 | 1 Gslideshow Project | 1 Gslideshow | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9385 | 1 Zenoss | 1 Zenoss Core | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388. | |||||
| CVE-2014-9382 | 1 Free | 1 Freebox Os | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation | |||||
| CVE-2014-9368 | 1 Twitterdash Project | 1 Twitterdash | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9344 | 1 Globiz Solutions | 1 Snowfox Content Management System | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/. | |||||
| CVE-2014-9341 | 1 Yurl Retwitt Project | 1 Yurl Retwitt | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_login or (2) yurl_anchor parameter in the yurl page to wp-admin/options-general.php. | |||||
| CVE-2014-9340 | 1 Wpcommenttwit Project | 1 Wpcommenttwit | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9339 | 1 Jayde Online | 1 Spnbabble | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php. | |||||
| CVE-2014-9338 | 1 O2tweet Project | 1 O2tweet | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_username or (2) o2t_tags parameter to wp-admin/options-general.php. | |||||
| CVE-2014-9337 | 1 Mikiurl Wordpress Eklentisi Project | 1 Mikiurl Wordpress Eklentisi | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in a kaydet action in the mikiurl.php page to wp-admin/options-general.php. | |||||