| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. |
| The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. |
| The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. |
| The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. |
| The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. |
| The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. |
| The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. |
| The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring. |
| The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. |
| The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. |
| The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. |
| The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. |
| The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. |
| The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. |
| The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. |
