CWE-35 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8760 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2015-9498	1 Wpserveur	1 Wps Hide Login	2024-11-21	8.8 High
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
CVE-2015-9497	1 Ad Inserter Project	1 Ad Inserter	2024-11-21	8.8 High
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
CVE-2015-9455	1 Incsub	1 Buddypress-activity-plus	2024-11-21	8.1 High
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
CVE-2015-9447	1 Unitegallery	1 Unite Gallery Lite	2024-11-21	6.5 Medium
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
CVE-2015-9445	1 Unitegallery	1 Unite Gallery Lite	2024-11-21	8.8 High
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
CVE-2015-9443	1 Wp Accurate Form Data Project	1 Wp Accurate Form Data	2024-11-21	6.5 Medium
The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.
CVE-2015-9442	1 Avenirsoft	1 Directdownload	2024-11-21	6.5 Medium
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.
CVE-2015-9441	1 Bookmarkify Project	1 Bookmarkify	2024-11-21	6.5 Medium
The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.
CVE-2015-9440	1 Monetize Project	1 Monetize	2024-11-21	6.5 Medium
The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.
CVE-2015-9434	1 Kiwi-logo-carousel Project	1 Kiwi-logo-carousel	2024-11-21	6.5 Medium
The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.
CVE-2015-9433	1 Wp Social Bookmarking Light Project	1 Wp Social Bookmarking Light	2024-11-21	6.5 Medium
The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.
CVE-2015-9432	1 Thealpinepress	1 Alpine-photo-tile-for-instagram	2024-11-21	6.5 Medium
The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.
CVE-2015-9431	1 Qtranslate X Project	1 Qtranslate X	2024-11-21	6.5 Medium
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.
CVE-2015-9429	1 Yithemes	1 Yith Maintenance Mode	2024-11-21	6.5 Medium
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.
CVE-2015-9428	1 Wplegalpages	1 Wp Legal Pages	2024-11-21	6.5 Medium
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.
CVE-2015-9427	1 Googmonify Project	1 Googmonify	2024-11-21	6.5 Medium
The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.
CVE-2015-9425	1 Byonepress	1 Social Locker	2024-11-21	5.4 Medium
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.
CVE-2015-9424	1 Doc4design	1 Multicons	2024-11-21	6.5 Medium
The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.
CVE-2015-9422	1 Simplysymphony	1 Plugnedit	2024-11-21	6.5 Medium
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.
CVE-2015-9421	1 Olevmedia	1 Olevmedia Shortcodes	2024-11-21	6.5 Medium
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.

« first previous Page 420 of 438. next last »