Total
8011 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9427 | 1 Googmonify Project | 1 Googmonify | 2024-11-21 | 6.5 Medium |
| The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | ||||
| CVE-2015-9425 | 1 Byonepress | 1 Social Locker | 2024-11-21 | 5.4 Medium |
| The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | ||||
| CVE-2015-9424 | 1 Doc4design | 1 Multicons | 2024-11-21 | 6.5 Medium |
| The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | ||||
| CVE-2015-9422 | 1 Simplysymphony | 1 Plugnedit | 2024-11-21 | 6.5 Medium |
| The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | ||||
| CVE-2015-9421 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2024-11-21 | 6.5 Medium |
| The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | ||||
| CVE-2015-9418 | 1 Kibokolabs | 1 Watupro | 2024-11-21 | 4.3 Medium |
| The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | ||||
| CVE-2015-9417 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 6.5 Medium |
| The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | ||||
| CVE-2015-9413 | 1 Eshop Project | 1 Eshop | 2024-11-21 | 6.5 Medium |
| The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | ||||
| CVE-2015-9409 | 1 Alo-easymail Project | 1 Alo-easymail | 2024-11-21 | 6.5 Medium |
| The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. | ||||
| CVE-2015-9408 | 1 Cyberseo | 1 Xpinner Lite | 2024-11-21 | 6.5 Medium |
| The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | ||||
| CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
| The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | ||||
| CVE-2015-9388 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 6.5 Medium |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | ||||
| CVE-2015-9387 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 6.5 Medium |
| The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | ||||
| CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | ||||
| CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2024-11-21 | N/A |
| The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | ||||
| CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2024-11-21 | N/A |
| The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | ||||
| CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2024-11-21 | N/A |
| The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | ||||
| CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2024-11-21 | N/A |
| 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | ||||
| CVE-2015-9284 | 1 Omniauth | 1 Omniauth | 2024-11-21 | 8.8 High |
| The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. | ||||
| CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 8.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | ||||