The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2015-9349 | The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the \"built-in (old)\" file browser. | MEDIUM | Aug 28, 2019 | n/a |
| CVE-2015-9348 | The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | MEDIUM | Aug 29, 2019 | n/a |
| CVE-2015-9347 | The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. | MEDIUM | Aug 28, 2019 | n/a |
| CVE-2015-9346 | The cp-polls plugin before 1.0.5 for WordPress has XSS. | MEDIUM | Aug 28, 2019 | n/a |
| CVE-2015-9345 | The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. | MEDIUM | Aug 28, 2019 | n/a |
| CVE-2015-9344 | The link-log plugin before 2.1 for WordPress has SQL injection. | HIGH | Aug 28, 2019 | n/a |
| CVE-2015-9343 | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | MEDIUM | Aug 29, 2019 | n/a |
| CVE-2015-9342 | The wp-rollback plugin before 1.2.3 for WordPress has XSS. | MEDIUM | Aug 28, 2019 | n/a |
| CVE-2015-9341 | The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | MEDIUM | Aug 29, 2019 | n/a |
| CVE-2015-9340 | The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | MEDIUM | Aug 29, 2019 | n/a |
| CVE-2015-9339 | The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | MEDIUM | Aug 29, 2019 | n/a |
| CVE-2015-9338 | The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | MEDIUM | Aug 29, 2019 | n/a |
| CVE-2015-9337 | The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2015-9336 | The clean-login plugin before 1.5.1 for WordPress has reflected XSS. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2015-9335 | The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. | HIGH | Aug 26, 2019 | n/a |
| CVE-2015-9334 | The email-newsletter plugin through 20.15 for WordPress has SQL injection. | HIGH | Aug 29, 2019 | n/a |
| CVE-2015-9333 | The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | HIGH | Aug 23, 2019 | n/a |
| CVE-2015-9332 | The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | MEDIUM | Aug 22, 2019 | n/a |
| CVE-2015-9331 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | MEDIUM | Aug 22, 2019 | n/a |
| CVE-2015-9330 | The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. | HIGH | Aug 22, 2019 | n/a |
| CVE-2015-9329 | The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. | MEDIUM | Aug 22, 2019 | n/a |
| CVE-2015-9328 | The profile-builder plugin before 2.2.5 for WordPress has XSS. | MEDIUM | Aug 22, 2019 | n/a |
| CVE-2015-9327 | The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. | MEDIUM | Aug 23, 2019 | n/a |
| CVE-2015-9326 | The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. | HIGH | Aug 21, 2019 | n/a |
| CVE-2015-9325 | The visitors-online plugin before 0.4 for WordPress has SQL injection. | HIGH | Aug 21, 2019 | n/a |
| CVE-2015-9324 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. | HIGH | Aug 26, 2019 | n/a |
| CVE-2015-9323 | The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. | HIGH | Aug 21, 2019 | n/a |
| CVE-2015-9322 | The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | MEDIUM | Aug 21, 2019 | n/a |
| CVE-2015-9321 | The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg. | MEDIUM | Aug 21, 2019 | n/a |
| CVE-2015-9320 | The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. | MEDIUM | Aug 25, 2019 | n/a |
| CVE-2015-9319 | The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser. | MEDIUM | Aug 22, 2019 | n/a |
| CVE-2015-9318 | The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. | MEDIUM | Aug 22, 2019 | n/a |
| CVE-2015-9317 | The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. | MEDIUM | Aug 21, 2019 | n/a |
| CVE-2015-9316 | The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. | HIGH | Aug 19, 2019 | n/a |
| CVE-2015-9315 | The newstatpress plugin before 1.0.1 for WordPress has SQL injection. | HIGH | Aug 16, 2019 | n/a |
| CVE-2015-9314 | The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. | MEDIUM | Aug 16, 2019 | n/a |
| CVE-2015-9313 | The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. | HIGH | Aug 16, 2019 | n/a |
| CVE-2015-9312 | The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. | MEDIUM | Aug 16, 2019 | n/a |
| CVE-2015-9311 | The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. | MEDIUM | Aug 16, 2019 | n/a |
| CVE-2015-9310 | The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. | HIGH | Aug 19, 2019 | n/a |
| CVE-2015-9309 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | MEDIUM | Aug 19, 2019 | n/a |
| CVE-2015-9308 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | MEDIUM | Aug 19, 2019 | n/a |
| CVE-2015-9307 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | MEDIUM | Aug 19, 2019 | n/a |
| CVE-2015-9306 | The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | MEDIUM | Aug 12, 2019 | n/a |
| CVE-2015-9305 | The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions. | MEDIUM | Aug 12, 2019 | n/a |
| CVE-2015-9304 | The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | MEDIUM | Aug 12, 2019 | n/a |
| CVE-2015-9303 | The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. | MEDIUM | Aug 12, 2019 | n/a |
| CVE-2015-9302 | The simple-fields plugin before 1.4.11 for WordPress has XSS. | MEDIUM | Aug 16, 2019 | n/a |
| CVE-2015-9301 | The liveforms plugin before 3.2.0 for WordPress has SQL injection. | HIGH | Aug 16, 2019 | n/a |
| CVE-2015-9300 | The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. | MEDIUM | Aug 16, 2019 | n/a |
