Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 160555 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2015-9377 iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9376 iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 29, 2019 n/a
CVE-2015-9375 Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9374 Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9373 PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9372 Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9371 Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9370 Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9369 Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 29, 2019 n/a
CVE-2015-9368 Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9367 Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9366 Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9365 Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 30, 2019 n/a
CVE-2015-9364 2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 30, 2019 n/a
CVE-2015-9363 iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 30, 2019 n/a
CVE-2015-9362 The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 30, 2019 n/a
CVE-2015-9361 The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 30, 2019 n/a
CVE-2015-9360 The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 30, 2019 n/a
CVE-2015-9359 The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 30, 2019 n/a
CVE-2015-9358 The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). MEDIUM Aug 28, 2019 n/a
CVE-2015-9357 The akismet plugin before 3.1.5 for WordPress has XSS. MEDIUM Aug 29, 2019 n/a
CVE-2015-9356 The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. MEDIUM Aug 30, 2019 n/a
CVE-2015-9355 The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. MEDIUM Aug 28, 2019 n/a
CVE-2015-9354 The gigpress plugin before 2.3.11 for WordPress has XSS. LOW Aug 29, 2019 n/a
CVE-2015-9353 The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. MEDIUM Sep 9, 2019 n/a
CVE-2015-9352 The wp-polls plugin before 2.72 for WordPress has SQL injection. HIGH Aug 28, 2019 n/a
CVE-2015-9351 The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. HIGH Aug 28, 2019 n/a
CVE-2015-9350 The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. MEDIUM Aug 28, 2019 n/a
CVE-2015-9349 The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the \"built-in (old)\" file browser. MEDIUM Aug 28, 2019 n/a
CVE-2015-9348 The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. MEDIUM Aug 29, 2019 n/a
CVE-2015-9347 The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. MEDIUM Aug 28, 2019 n/a
CVE-2015-9346 The cp-polls plugin before 1.0.5 for WordPress has XSS. MEDIUM Aug 28, 2019 n/a
CVE-2015-9345 The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. MEDIUM Aug 28, 2019 n/a
CVE-2015-9344 The link-log plugin before 2.1 for WordPress has SQL injection. HIGH Aug 28, 2019 n/a
CVE-2015-9343 The wp-rollback plugin before 1.2.3 for WordPress has CSRF. MEDIUM Aug 29, 2019 n/a
CVE-2015-9342 The wp-rollback plugin before 1.2.3 for WordPress has XSS. MEDIUM Aug 28, 2019 n/a
CVE-2015-9341 The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. MEDIUM Aug 29, 2019 n/a
CVE-2015-9340 The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. MEDIUM Aug 29, 2019 n/a
CVE-2015-9339 The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. MEDIUM Aug 29, 2019 n/a
CVE-2015-9338 The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. MEDIUM Aug 29, 2019 n/a
CVE-2015-9337 The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. MEDIUM Aug 26, 2019 n/a
CVE-2015-9336 The clean-login plugin before 1.5.1 for WordPress has reflected XSS. MEDIUM Aug 26, 2019 n/a
CVE-2015-9335 The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. HIGH Aug 26, 2019 n/a
CVE-2015-9334 The email-newsletter plugin through 20.15 for WordPress has SQL injection. HIGH Aug 29, 2019 n/a
CVE-2015-9333 The cforms2 plugin before 14.6.10 for WordPress has SQL injection. HIGH Aug 23, 2019 n/a
CVE-2015-9332 The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. MEDIUM Aug 22, 2019 n/a
CVE-2015-9331 The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. MEDIUM Aug 22, 2019 n/a
CVE-2015-9330 The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. HIGH Aug 22, 2019 n/a
CVE-2015-9329 The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. MEDIUM Aug 22, 2019 n/a
CVE-2015-9328 The profile-builder plugin before 2.2.5 for WordPress has XSS. MEDIUM Aug 22, 2019 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online