Search
Search Results (334259 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10967 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-11-21 | 6.1 Medium |
| The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. | ||||
| CVE-2016-10966 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-11-21 | 7.5 High |
| The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | ||||
| CVE-2016-10965 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-11-21 | 7.5 High |
| The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. | ||||
| CVE-2016-10964 | 1 Findshorty | 1 Dwnldr | 2024-11-21 | 6.1 Medium |
| The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header. | ||||
| CVE-2016-10963 | 1 Icegram | 1 Icegram Engage | 2024-11-21 | 6.1 Medium |
| The icegram plugin before 1.9.19 for WordPress has XSS. | ||||
| CVE-2016-10962 | 1 Icegram | 1 Icegram Engage | 2024-11-21 | 6.5 Medium |
| The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. | ||||
| CVE-2016-10961 | 1 Inkthemes | 1 Colorway | 2024-11-21 | 6.1 Medium |
| The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. | ||||
| CVE-2016-10960 | 1 Joomlaserviceprovider | 1 Wsecure | 2024-11-21 | 8.8 High |
| The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. | ||||
| CVE-2016-10959 | 1 Estatik | 1 Estatik | 2024-11-21 | 6.5 Medium |
| The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | ||||
| CVE-2016-10958 | 1 Estatik | 1 Estatik | 2024-11-21 | 7.5 High |
| The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | ||||
| CVE-2016-10957 | 1 Akal Project | 1 Akal | 2024-11-21 | 6.1 Medium |
| The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. | ||||
| CVE-2016-10956 | 1 Mail-masta Project | 1 Mail-masta | 2024-11-21 | 7.5 High |
| The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. | ||||
| CVE-2016-10955 | 1 Cysteme | 1 Cysteme-finder | 2024-11-21 | 9.8 Critical |
| The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. | ||||
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2024-11-21 | 9.8 Critical |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | ||||
| CVE-2016-10953 | 1 Headwaythemes | 1 Headway | 2024-11-21 | 5.4 Medium |
| The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | ||||
| CVE-2016-10952 | 1 Quotes Collection Project | 1 Quotes Collection | 2024-11-21 | 6.1 Medium |
| The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. | ||||
| CVE-2016-10951 | 1 Firestormplugins | 1 Fs-shopping-cart | 2024-11-21 | 7.2 High |
| The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | ||||
| CVE-2016-10950 | 1 Sirv | 1 Sirv | 2024-11-21 | 8.8 High |
| The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | ||||
| CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2024-11-21 | 8.8 High |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | ||||
| CVE-2016-10948 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 8.1 High |
| The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. | ||||