The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2016-10943 | The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | MEDIUM | Sep 13, 2019 |
CVE-2016-10942 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | HIGH | Sep 13, 2019 |
CVE-2016-10941 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | MEDIUM | Sep 13, 2019 |
CVE-2016-10940 | The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | MEDIUM | Sep 13, 2019 |
CVE-2016-10939 | The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | MEDIUM | Sep 13, 2019 |
CVE-2016-10938 | The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. | MEDIUM | Sep 13, 2019 |
CVE-2016-10937 | IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | MEDIUM | Sep 9, 2019 |
CVE-2016-10936 | The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. | MEDIUM | Aug 28, 2019 |
CVE-2016-10935 | The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | HIGH | Aug 28, 2019 |
CVE-2016-10934 | The check-email plugin before 0.5.2 for WordPress has XSS. | MEDIUM | Aug 29, 2019 |
CVE-2016-10933 | An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. | MEDIUM | Aug 29, 2019 |
CVE-2016-10932 | An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. | MEDIUM | Aug 28, 2019 |
CVE-2016-10931 | An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. | -- | Aug 26, 2019 |
CVE-2016-10930 | The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number. | HIGH | Aug 29, 2019 |
CVE-2016-10929 | The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in. | MEDIUM | Aug 23, 2019 |
CVE-2016-10928 | The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | MEDIUM | Aug 29, 2019 |
CVE-2016-10927 | The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. | MEDIUM | Aug 26, 2019 |
CVE-2016-10926 | The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. | MEDIUM | Aug 26, 2019 |
CVE-2016-10925 | The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | MEDIUM | Aug 26, 2019 |
CVE-2016-10924 | The ebook-download plugin before 1.2 for WordPress has directory traversal. | MEDIUM | Aug 23, 2019 |
CVE-2016-10923 | The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. | HIGH | Aug 23, 2019 |
CVE-2016-10922 | The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. | HIGH | Aug 26, 2019 |
CVE-2016-10921 | The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | HIGH | Aug 26, 2019 |
CVE-2016-10920 | The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | MEDIUM | Aug 26, 2019 |
CVE-2016-10919 | The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | MEDIUM | Aug 26, 2019 |
CVE-2016-10918 | The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. | MEDIUM | Aug 26, 2019 |
CVE-2016-10917 | The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. | HIGH | Aug 26, 2019 |
CVE-2016-10916 | The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | HIGH | Aug 26, 2019 |
CVE-2016-10915 | The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. | MEDIUM | Aug 21, 2019 |
CVE-2016-10914 | The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. | MEDIUM | Aug 22, 2019 |
CVE-2016-10913 | The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. | MEDIUM | Aug 22, 2019 |
CVE-2016-10912 | The universal-analytics plugin before 1.3.1 for WordPress has XSS. | MEDIUM | Aug 22, 2019 |
CVE-2016-10911 | The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. | MEDIUM | Aug 22, 2019 |
CVE-2016-10910 | The formbuilder plugin before 1.06 for WordPress has multiple XSS issues. | MEDIUM | Aug 22, 2019 |
CVE-2016-10909 | The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | HIGH | Aug 21, 2019 |
CVE-2016-10908 | The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | MEDIUM | Aug 21, 2019 |
CVE-2016-10907 | An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt. | MEDIUM | Aug 23, 2019 |
CVE-2016-10906 | An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. | MEDIUM | Aug 23, 2019 |
CVE-2016-10905 | An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. | MEDIUM | Aug 23, 2019 |
CVE-2016-10904 | The olimometer plugin before 2.57 for WordPress has SQL injection. | HIGH | Aug 21, 2019 |
CVE-2016-10903 | The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF. | MEDIUM | Aug 23, 2019 |
CVE-2016-10902 | The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools. | MEDIUM | Aug 22, 2019 |
CVE-2016-10901 | The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools. | MEDIUM | Aug 21, 2019 |
CVE-2016-10900 | The uji-countdown plugin before 2.0.7 for WordPress has XSS. | MEDIUM | Aug 21, 2019 |
CVE-2016-10899 | The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. | MEDIUM | Aug 22, 2019 |
CVE-2016-10898 | The total-security plugin before 3.4.1 for WordPress has XSS. | MEDIUM | Aug 22, 2019 |
CVE-2016-10897 | The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues. | MEDIUM | Aug 22, 2019 |
CVE-2016-10896 | The seo-redirection plugin before 4.3 for WordPress has stored XSS. | MEDIUM | Aug 22, 2019 |
CVE-2016-10895 | The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. | MEDIUM | Aug 22, 2019 |
CVE-2016-10894 | xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). | LOW | Aug 29, 2019 |