The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2015-9376 | iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9375 | Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9374 | Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9373 | PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9372 | Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9371 | Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9370 | Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9369 | Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9368 | Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9367 | Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9366 | Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9365 | Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9364 | 2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9363 | iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9362 | The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9361 | The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9360 | The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9359 | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9358 | The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9357 | The akismet plugin before 3.1.5 for WordPress has XSS. | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9356 | The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. | MEDIUM | Aug 30, 2019 | n/a |
CVE-2015-9355 | The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9354 | The gigpress plugin before 2.3.11 for WordPress has XSS. | LOW | Aug 29, 2019 | n/a |
CVE-2015-9353 | The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. | MEDIUM | Sep 9, 2019 | n/a |
CVE-2015-9352 | The wp-polls plugin before 2.72 for WordPress has SQL injection. | HIGH | Aug 28, 2019 | n/a |
CVE-2015-9351 | The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. | HIGH | Aug 28, 2019 | n/a |
CVE-2015-9350 | The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9349 | The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the \"built-in (old)\" file browser. | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9348 | The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9347 | The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9346 | The cp-polls plugin before 1.0.5 for WordPress has XSS. | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9345 | The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9344 | The link-log plugin before 2.1 for WordPress has SQL injection. | HIGH | Aug 28, 2019 | n/a |
CVE-2015-9343 | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9342 | The wp-rollback plugin before 1.2.3 for WordPress has XSS. | MEDIUM | Aug 28, 2019 | n/a |
CVE-2015-9341 | The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9340 | The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9339 | The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9338 | The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | MEDIUM | Aug 29, 2019 | n/a |
CVE-2015-9337 | The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | MEDIUM | Aug 26, 2019 | n/a |
CVE-2015-9336 | The clean-login plugin before 1.5.1 for WordPress has reflected XSS. | MEDIUM | Aug 26, 2019 | n/a |
CVE-2015-9335 | The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. | HIGH | Aug 26, 2019 | n/a |
CVE-2015-9334 | The email-newsletter plugin through 20.15 for WordPress has SQL injection. | HIGH | Aug 29, 2019 | n/a |
CVE-2015-9333 | The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | HIGH | Aug 23, 2019 | n/a |
CVE-2015-9332 | The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | MEDIUM | Aug 22, 2019 | n/a |
CVE-2015-9331 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | MEDIUM | Aug 22, 2019 | n/a |
CVE-2015-9330 | The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. | HIGH | Aug 22, 2019 | n/a |
CVE-2015-9329 | The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. | MEDIUM | Aug 22, 2019 | n/a |
CVE-2015-9328 | The profile-builder plugin before 2.2.5 for WordPress has XSS. | MEDIUM | Aug 22, 2019 | n/a |
CVE-2015-9327 | The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. | MEDIUM | Aug 23, 2019 | n/a |