CVE-2016-15033 – Delete All Comments <= 2.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-15033
10 Dec 2016 — The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the delete-all-comments.php file in versions up to, and including, 2.0. • http://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2016-10926 – Nelio AB Testing < 4.5.9 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2016-10926
08 Dec 2016 — The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. The Nelio AB Testing plugin for WordPress is vulnerable to Server Side Request Forgery in versions up to, and including, 4.5.8 via the 'ajax/iesupport.php' file. • https://wordpress.org/plugins/nelio-ab-testing/#developers • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2016-15042 – Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-15042
16 Jul 2016 — The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. • https://wordpress.org/plugins/nmedia-user-file-uploader/#developers • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2015-10100 – Dynamic Widgets Plugin dynwid_class.php sql injection
https://notcve.org/view.php?id=CVE-2015-10100
14 Oct 2015 — A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. ... The Dynamic Widgets plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.5.10 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-10109 – Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2015-10109
25 Aug 2015 — A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. ... A problematic vulnerability was identified in Video Playlist and Gallery Plugin up to 1.136 for WordPress. ... The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery via the ‘cincopaafc’ parameter in versions before 1.137 due to insufficient input sanitization and output escaping. • https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-10108 – meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery
https://notcve.org/view.php?id=CVE-2015-10108
11 May 2015 — A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. ... The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.9.6. • https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-10125 – WP Ultimate CSV Importer Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2015-10125
05 May 2015 — A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. ... The Import CSV or XML Datafeed With Ease plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including... • https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-2824 – Simple Ads Manager < 2.7.97 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2015-2824
02 Apr 2015 — Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-aja... • http://packetstormsecurity.com/files/131280/WordPress-Simple-Ads-Manager-2.5.94-2.5.96-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-10116 – RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery
https://notcve.org/view.php?id=CVE-2015-10116
01 Apr 2015 — A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. ... The Favicon by RealFaviconGenerator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘json_result_url’ parameter in versions before 1.2.13 due to insufficient input sanitization and output escaping. • https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-10105 – IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal
https://notcve.org/view.php?id=CVE-2015-10105
07 Mar 2015 — A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. ... The IP Blacklist Cloud plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 3.42 via the 'filename' parameter. • https://github.com/wp-plugins/ip-blacklist-cloud/commit/6e6fe8c6fda7cbc252eef083105e08d759c07312 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •