Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 36837 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9439 1 Addthis 1 Addthis 2024-11-21 3.5 LOW 4.8 MEDIUM
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
CVE-2015-9438 1 Display-widgets Project 1 Display-widgets 2024-11-21 3.5 LOW 5.4 MEDIUM
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
CVE-2015-9430 1 Crazy Bone Project 1 Crazy Bone 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.
CVE-2015-9426 1 Manual Image Crop Project 1 Manual Image Crop 2024-11-21 3.5 LOW 4.6 MEDIUM
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.
CVE-2015-9423 1 Simplysymphony 1 Plugnedit 2024-11-21 3.5 LOW 5.4 MEDIUM
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.
CVE-2015-9420 1 Mightymess 1 Soundcloud Is Gold 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
CVE-2015-9419 1 Captain-slider Project 1 Captain-slider 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.
CVE-2015-9416 1 Onthegosystems 1 Sitepress-multilingual-cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.
CVE-2015-9414 1 Wpsymposiumpro 1 Wp-symposium 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.
CVE-2015-9412 1 Royal-slider Project 1 Royal-slider 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.
CVE-2015-9411 1 Gopostmatic 1 Replyable 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Postmatic plugin before 1.4.6 for WordPress has XSS.
CVE-2015-9410 1 Blubrry 1 Powerpress 2024-11-21 3.5 LOW 5.4 MEDIUM
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.
CVE-2015-9407 1 Cyberseo 1 Xpinner Lite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
CVE-2015-9405 1 Wp-piwik Project 1 Wp-piwik 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The wp-piwik plugin before 1.0.5 for WordPress has XSS.
CVE-2015-9404 1 Neuvoo 1 Neuvoo-jobroll 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.
CVE-2015-9403 1 Neuvoo 1 Neuvoo-jobroll 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.
CVE-2015-9401 1 Websimon-tables Project 1 Websimon-tables 2024-11-21 3.5 LOW 4.8 MEDIUM
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.
CVE-2015-9397 1 Webmaster-source 1 Gocodes 2024-11-21 3.5 LOW 5.4 MEDIUM
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.
CVE-2015-9396 1 Attosoft 1 Auto Thickbox Plus 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.
CVE-2015-9393 1 Usersultra 1 Users Ultra Membership 2024-11-21 3.5 LOW 5.4 MEDIUM
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.