| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The wp-rollback plugin before 1.2.3 for WordPress has CSRF. |
| The wp-rollback plugin before 1.2.3 for WordPress has XSS. |
| The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. |
| The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. |
| The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. |
| The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. |
| The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. |
| The clean-login plugin before 1.5.1 for WordPress has reflected XSS. |
| The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. |
| The email-newsletter plugin through 20.15 for WordPress has SQL injection. |
| The cforms2 plugin before 14.6.10 for WordPress has SQL injection. |
| The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. |
| The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. |
| The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. |
| The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. |
| The profile-builder plugin before 2.2.5 for WordPress has XSS. |
| The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. |
| The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. |
| The visitors-online plugin before 0.4 for WordPress has SQL injection. |
| The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. |
