Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216078 entries
IDDescriptionPriorityModified date
CVE-2016-10943 The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. MEDIUM Sep 13, 2019
CVE-2016-10942 The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. HIGH Sep 13, 2019
CVE-2016-10941 The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. MEDIUM Sep 13, 2019
CVE-2016-10940 The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. MEDIUM Sep 13, 2019
CVE-2016-10939 The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. MEDIUM Sep 13, 2019
CVE-2016-10938 The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. MEDIUM Sep 13, 2019
CVE-2016-10937 IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. MEDIUM Sep 9, 2019
CVE-2016-10936 The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. MEDIUM Aug 28, 2019
CVE-2016-10935 The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. HIGH Aug 28, 2019
CVE-2016-10934 The check-email plugin before 0.5.2 for WordPress has XSS. MEDIUM Aug 29, 2019
CVE-2016-10933 An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. MEDIUM Aug 29, 2019
CVE-2016-10932 An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. MEDIUM Aug 28, 2019
CVE-2016-10931 An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. -- Aug 26, 2019
CVE-2016-10930 The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number. HIGH Aug 29, 2019
CVE-2016-10929 The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in. MEDIUM Aug 23, 2019
CVE-2016-10928 The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. MEDIUM Aug 29, 2019
CVE-2016-10927 The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. MEDIUM Aug 26, 2019
CVE-2016-10926 The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. MEDIUM Aug 26, 2019
CVE-2016-10925 The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. MEDIUM Aug 26, 2019
CVE-2016-10924 The ebook-download plugin before 1.2 for WordPress has directory traversal. MEDIUM Aug 23, 2019
CVE-2016-10923 The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. HIGH Aug 23, 2019
CVE-2016-10922 The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. HIGH Aug 26, 2019
CVE-2016-10921 The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. HIGH Aug 26, 2019
CVE-2016-10920 The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. MEDIUM Aug 26, 2019
CVE-2016-10919 The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. MEDIUM Aug 26, 2019
CVE-2016-10918 The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. MEDIUM Aug 26, 2019
CVE-2016-10917 The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. HIGH Aug 26, 2019
CVE-2016-10916 The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. HIGH Aug 26, 2019
CVE-2016-10915 The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. MEDIUM Aug 21, 2019
CVE-2016-10914 The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. MEDIUM Aug 22, 2019
CVE-2016-10913 The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. MEDIUM Aug 22, 2019
CVE-2016-10912 The universal-analytics plugin before 1.3.1 for WordPress has XSS. MEDIUM Aug 22, 2019
CVE-2016-10911 The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. MEDIUM Aug 22, 2019
CVE-2016-10910 The formbuilder plugin before 1.06 for WordPress has multiple XSS issues. MEDIUM Aug 22, 2019
CVE-2016-10909 The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. HIGH Aug 21, 2019
CVE-2016-10908 The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. MEDIUM Aug 21, 2019
CVE-2016-10907 An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt. Medium Aug 23, 2019
CVE-2016-10906 An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. Medium Aug 23, 2019
CVE-2016-10905 An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. Medium Aug 23, 2019
CVE-2016-10904 The olimometer plugin before 2.57 for WordPress has SQL injection. HIGH Aug 21, 2019
CVE-2016-10903 The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF. MEDIUM Aug 23, 2019
CVE-2016-10902 The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools. MEDIUM Aug 22, 2019
CVE-2016-10901 The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools. MEDIUM Aug 21, 2019
CVE-2016-10900 The uji-countdown plugin before 2.0.7 for WordPress has XSS. MEDIUM Aug 21, 2019
CVE-2016-10899 The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. MEDIUM Aug 22, 2019
CVE-2016-10898 The total-security plugin before 3.4.1 for WordPress has XSS. MEDIUM Aug 22, 2019
CVE-2016-10897 The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues. MEDIUM Aug 22, 2019
CVE-2016-10896 The seo-redirection plugin before 4.3 for WordPress has stored XSS. MEDIUM Aug 22, 2019
CVE-2016-10895 The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. MEDIUM Aug 22, 2019
CVE-2016-10894 xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, \"pinch and zoom\" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). LOW Aug 29, 2019
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online