The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-9499 | The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | HIGH | Oct 28, 2019 |
| CVE-2015-9498 | The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. | MEDIUM | Oct 24, 2019 |
| CVE-2015-9497 | The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | MEDIUM | Oct 23, 2019 |
| CVE-2015-9496 | The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the \'FM_form id=\' substring. | MEDIUM | Oct 24, 2019 |
| CVE-2015-9495 | The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. | MEDIUM | Oct 24, 2019 |
| CVE-2015-9494 | The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. | MEDIUM | Oct 24, 2019 |
| CVE-2015-9493 | The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. | MEDIUM | Oct 23, 2019 |
| CVE-2015-9492 | The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9491 | The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9490 | The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9489 | The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9488 | The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9487 | The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9486 | The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9485 | The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9484 | The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9483 | The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9482 | The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9481 | The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9480 | The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9479 | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | HIGH | Oct 10, 2019 |
| CVE-2015-9478 | prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9477 | The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9476 | The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9475 | The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9474 | The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9473 | The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9472 | The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9471 | The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | HIGH | Oct 10, 2019 |
| CVE-2015-9470 | The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9469 | The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. | LOW | Oct 10, 2019 |
| CVE-2015-9468 | The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9467 | The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. | HIGH | Oct 11, 2019 |
| CVE-2015-9466 | The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable. | HIGH | Oct 10, 2019 |
| CVE-2015-9465 | The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9464 | The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9463 | The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9462 | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9461 | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9460 | The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9459 | The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9458 | The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. | MEDIUM | Oct 11, 2019 |
| CVE-2015-9457 | The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9456 | The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9455 | The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | HIGH | Oct 10, 2019 |
| CVE-2015-9454 | The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9453 | The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | MEDIUM | Oct 10, 2019 |
| CVE-2015-9452 | The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | HIGH | Oct 8, 2019 |
| CVE-2015-9451 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | HIGH | Oct 8, 2019 |
| CVE-2015-9450 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | HIGH | Oct 9, 2019 |
