Web Vulnerabilities (Level 1 Scan)

Vulnerability Name CVE CWE Severity

.htaccess file readable CWE-16

ASP code injection CWE-95 High

ASP.NET MVC version disclosure CWE-200 Low

ASP.NET application trace enabled CWE-16 Medium

ASP.NET debugging enabled CWE-16 Low

ASP.NET diagnostic page CWE-200 Medium

ASP.NET error message CWE-200 Medium

ASP.NET padding oracle vulnerability CVE-2010-3332 CWE-310 High

ASP.NET path disclosure CWE-200 Low

ASP.NET version disclosure CWE-200 Low

AWStats script CWE-538 Medium

Access found CWE-538 Medium

Adobe ColdFusion 9 administrative login bypass CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-287 High

Adobe ColdFusion directory traversal CVE-2013-3336 CWE-22 High

Adobe ColdFusion 8 multiple linked XSS vulnerabilities CVE-2009-1872 CWE-79 High

Adobe Flex 3 DOM-based XSS vulnerability CVE-2008-2640 CWE-79 High

AjaxControlToolkit directory traversal CVE-2015-4670 CWE-434 High

Akeeba backup access control bypass CWE-287 High

AmCharts SWF XSS vulnerability CVE-2012-1303 CWE-79 High

Amazon S3 public bucket CWE-264 Medium

AngularJS client-side template injection CWE-79 High

Apache 2.0.39 Win32 directory traversal CVE-2002-0661 CWE-22 High

Apache 2.0.43 Win32 file reading vulnerability CVE-2003-0017 CWE-20 High

Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425 CWE-20 High

Apache 2.x version equal to 2.0.51 CVE-2004-0811 CWE-264 Medium

Apache 2.x version older than 2.0.43 CVE-2002-0840 CVE-2002-1156 CWE-538 Medium

Apache 2.x version older than 2.0.45 CVE-2003-0132 CWE-400 Medium

Apache 2.x version older than 2.0.46 CVE-2003-0083 CVE-2003-0134 CVE-2003-0189 CVE-2003-0245 CWE-20 Medium

Apache 2.x version older than 2.0.47 CVE-2003-0192 CVE-2003-0253 CVE-2003-0254 CWE-20 Medium

Apache 2.x version older than 2.0.48 CVE-2003-0542 CVE-2003-0789 CWE-119 Medium

Apache 2.x version older than 2.0.49 CVE-2003-0020 CVE-2004-0113 CVE-2004-0174 CWE-20 Medium

Apache 2.x version older than 2.0.51 CVE-2004-0747 CVE-2004-0748 CVE-2004-0751 CVE-2004-0786 CVE-2004-0809 CWE-119 Medium

Apache 2.x version older than 2.0.55 CVE-2005-1268 CVE-2005-2088 CVE-2005-2491 CVE-2005-2700 CVE-2005-2728 CVE-2005-2970 CWE-119 Medium

Apache 2.x version older than 2.0.61 CVE-2006-5752 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CWE-701 Medium

Apache 2.x version older than 2.0.63 CVE-2007-5000 CVE-2007-6388 CVE-2008-0005 CWE-79 Medium

Apache 2.x version older than 2.2.10 CVE-2008-2939 CVE-2010-2791 CWE-79 Low

Apache 2.x version older than 2.2.3 CVE-2006-3747 CWE-189 Medium

Apache 2.x version older than 2.2.6 CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CWE-20 Medium

Apache 2.x version older than 2.2.8 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 CWE-79 Medium

Apache 2.x version older than 2.2.9 CVE-2007-6420 CVE-2008-2364 CWE-399 Medium

Apache Axis2 administration console weak password CWE-200 High

Apache Axis2 information disclosure CWE-200 Medium

Apache Axis2 web services enumeration CWE-200 Low

Apache Axis2 xsd local file inclusion CWE-22 High

Apache Geronimo default administrative credentials CWE-16 High

Apache JServ protocol service CWE-16 Medium

Apache Proxy HTTP CONNECT method enabled CWE-16 Medium

Apache Roller OGNL injection CVE-2013-4212 CWE-20 High

Apache Solr endpoint CWE-16 Low

Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0094 CWE-701 High

Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0112 CWE-701 High

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251 CWE-20 High

Apache Struts2 remote code execution vulnerability CVE-2016-0785 CWE-78 High

Apache Tomcat "allowLinking" on Case Insensitive Filesystems CWE-538 High

Apache Tomcat "allowLinking" on case insensitive filesystems CVE-2008-2938 CWE-22 High

Apache Tomcat JK connector security bypass CVE-2007-1860 CWE-16 High

Apache Tomcat WAR file directory traversal vulnerability CVE-2009-2693 CVE-2009-2901 CWE-22 Medium

Apache Tomcat directory host Appbase authentication bypass vulnerability CVE-2009-2901 CWE-264 Medium

Apache Tomcat directory traversal CVE-2007-0450 CWE-22 Medium

Apache Tomcat examples directory vulnerabilities CWE-264 Medium

Apache Tomcat hello.jsp XSS CVE-2007-1355 CWE-79 Low

Apache Tomcat insecure default administrative password CWE-284 High

Apache Tomcat sample files CWE-538 Medium

Apache Tomcat version older than 4.1.37 CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461 CWE-79 Medium

Apache Tomcat version older than 4.1.39 CVE-2008-0128 CVE-2008-1232 CVE-2008-2370 CWE-22 Medium

Apache Tomcat version older than 5.5.25 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CWE-79 Medium

Apache Tomcat version older than 5.5.26 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CWE-264 Medium

Apache Tomcat version older than 5.5.27 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CWE-22 Medium

Apache Tomcat version older than 6.0.10 CVE-2007-0450 CWE-22 Medium

Apache Tomcat version older than 6.0.11 CVE-2005-2090 CVE-2007-1355 CWE-79 Medium

Apache Tomcat version older than 6.0.14 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CWE-79 Medium

Apache Tomcat version older than 6.0.16 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 CWE-264 Medium

Apache Tomcat version older than 6.0.18 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CWE-79 Medium

Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022 CWE-264 High

Apache Tomcat version older than 6.0.36 CVE-2012-2733 CVE-2012-3439 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CWE-20 High

Apache Tomcat version older than 6.0.6 CVE-2007-1358 CWE-79 Low

Apache Tomcat version older than 6.0.9 CVE-2008-0128 CWE-16 Medium

Apache Tomcat version older than 7.0.21 CVE-2011-3190 CWE-264 High

Apache Tomcat version older than 7.0.23 CVE-2012-0022 CWE-189 High

Apache Tomcat version older than 7.0.28 CVE-2012-2733 CVE-2012-4534 CWE-20 High

Apache Tomcat version older than 7.0.30 CVE-2012-3439 CVE-2012-3544 CVE-2012-3546 CWE-20 High

Apache Tomcat version older than 7.0.32 CVE-2012-4431 CWE-264 High

Apache Win32 batch file remote command execution vulnerability CVE-2002-0061 CWE-20 High

Apache configured to run as proxy CWE-16 Medium

Apache error log escape sequence injection vulnerability CVE-2003-0020 CWE-20 Medium

Apache httpOnly cookie disclosure CVE-2012-0053 CWE-264 Medium

Apache httpd remote denial of service CVE-2011-3192 CWE-399 Medium

Apache mod_negotiation filename bruteforcing CWE-538 Low

Apache mod_rewrite off-by-one buffer overflow vulnerability CVE-2006-3747 CWE-189 High

Apache -status enabled CWE-200 Medium

Apache server-info enabled CWE-200 Medium

Apache server-status enabled CWE-200 Medium

Apache solr service exposed CWE-16 High

Apache stronghold-info enabled CWE-200 Low

Apache stronghold-status enabled CWE-200 Low

Apache version older than 1.3.27 CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CWE-119 Medium

Apache version older than 1.3.28 CVE-2003-0460 CWE-20 Medium

Apache version older than 1.3.29 CVE-2003-0542 CWE-119 Medium

Apache version older than 1.3.31 CVE-2003-0020 CVE-2003-0987 CVE-2003-0993 CVE-2004-0174 CWE-264 Medium

Apache version older than 1.3.34 CVE-2005-2088 CWE-20 Medium

Apache version older than 1.3.37 CVE-2006-3747 CWE-189 Medium

Apache version older than 1.3.39 CVE-2006-5752 CVE-2007-3304 CWE-79 Medium

Apache version older than 1.3.41 CVE-2007-6388 CWE-79 Medium

Apache version up to 1.3.33 htpasswd local overflow CVE-2006-1078 CWE-119 Low

Application error message CWE-200 Medium

Arbitrary file creation CWE-20 High

Arbitrary file deletion CWE-20 High

Arbitrary file existence disclosure in Action Pack CVE-2014-7829 CWE-200 Medium

Arbitrary local file read via file upload CWE-200 High

Aspect Low

Atlassian Jira DOM-based cross-site scripting vulnerability CWE-79 High

BREACH attack CVE-2013-3587 CWE-310 Medium

Backup files CWE-538 Medium

Barracuda networks products multiple directory traversal vulnerabilities CWE-22 High

Bash code injection vulnerability CVE-2014-6271 CWE-78 High

Basic authentication over HTTP CWE-16 Medium

Bazaar repository found CWE-538 High

Blind XSS CWE-80 High

Bonjour service running CWE-16 Low

Broken links CWE-16 Informational

CKEditor 4.0.1 cross-site scripting vulnerability CWE-79 High

CRIME SSL/TLS attack CVE-2012-4929 CWE-310 Medium

CRLF injection/HTTP response splitting CWE-113 Medium

CVS web repository CWE-16 High

CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335 CWE-20 High

Chargen service running CWE-16 Medium

Check for apache versions up to 1.3.25, 2.0.38 CVE-2002-0392 CWE-119 High

Chrome Logger information disclosure CWE-16 Medium

Clickjacking: X-Frame-Options header missing CWE-693 Low

Code execution CWE-94 High

CodeIgniter 2.1.3 xss_clean() filter bypass CVE-2013-4891 CWE-80 High

CodeIgniter session decoding vulnerability CWE-16 High

CodeIgniter weak encryption key CWE-200 High

ColdFusion 8 FCKEditor file upload vulnerability CVE-2009-2265 CWE-22 High

ColdFusion 9 solr service exposed CVE-2010-0185 CWE-264 High

ColdFusion User-Agent cross-site scripting CVE-2007-0817 CWE-79 High

ColdFusion administrator login page publicly available CWE-16 Low

ColdFusion directory traversal CVE-2010-2861 CWE-22 High

ColdFusion path disclosure CWE-200 Low

Configuration file disclosure CWE-538 High

Configuration file source code disclosure CWE-538 High

Content type is not specified CWE-16 Informational

Cookie without HttpOnly flag set CWE-16 Low

Cookie without Secure flag set CWE-16 Low

Core dump checker PHP script CWE-200 Medium

Core dump file CWE-200 High

Credit card number disclosed CWE-200 Medium

Cross domain data hijacking CWE-20 Medium

Cross frame scripting CWE-79 Medium

Cross site scripting CWE-79 High

Cross site scripting vulnerability in JW Player SWF CVE-2012-3351 CWE-79 High

Cross site scripting vulnerability in SimpleViewer CWE-79 High

Cross site scripting vulnerability in Uploadify SWF CWE-79 High

Cross site scripting vulnerability in ZeroClipboard.swf CWE-79 High

Cross site scripting vulnerability in clipboard.swf CWE-79 High

Cross site scripting vulnerability in flowplayer SWF CVE-2013-7342 CWE-79 High

Cross site scripting vulnerability in jPlayer SWF CVE-2013-2023 CWE-79 High

Cross-site scripting vulnerability in Google Web Toolkit CVE-2012-4563 CWE-80 High

Cross-site scripting vulnerability in Google Web Toolkit CVE-2012-5920 CWE-80 High

Cross-site scripting vulnerability in Open Flash Chart CVE-2013-1636 CWE-79 High

DNS cache poisoning CVE-2008-1447 CWE-16 High

DNS cache snooping CWE-16 Medium

DNS open recursion CWE-16 Medium

DNS zone transfer CVE-1999-0532 CWE-16 High

DOM-based cross site scripting CWE-79 High

Database connection string disclosure CWE-200 Medium

Daytime service running CWE-16 Informational

Debian OpenSSL predictable random number generator CVE-2008-0166 CWE-310 High

Debian OpenSSL predictable random number generator CVE-2008-0166 CWE-310 High

Development configuration file CWE-538 Medium

Devise weak password CWE-200 High

Directory listing CWE-538 Medium

Directory traversal CWE-22 High

Directory traversal in CVE-2014-3625 CWE-22 High

Django debug mode enabled CWE-200 Medium

Documentation file CWE-538 Low

DotNetNuke multiple vulnerabilities CVE-2012-1030 CWE-79 High

Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554 CWE-264 High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1) CVE-2005-0682 CWE-79 High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5) CVE-2005-3973 CWE-79 High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7) CVE-2006-1226 CWE-79 High

Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7) CWE-20 High

Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5) CWE-79 CWE-113 High

Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7) CWE-264 High

Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7) CWE-384 High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6) CVE-2006-2743 CWE-95 High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7) CVE-2006-2831 CWE-95 High

Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9) CVE-2006-5476 CWE-352 High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10) CVE-2007-0136 CWE-79 High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3) CVE-2005-3973 CWE-79 High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5) CVE-2006-1226 CWE-79 High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7) CVE-2006-2833 CWE-79 High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8) CVE-2006-4002 CWE-79 High

Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10) CVE-2007-0124 CWE-400 High

Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9) CVE-2006-5477 CWE-20 High

Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5) CWE-20 High

Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9) CVE-2006-5475 CWE-79 High

Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3) CWE-79 CWE-113 High

Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6) CVE-2006-2742 CWE-89 High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3) CVE-2005-3974 CWE-264 High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5) CWE-264 High

Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5) CWE-384 High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.0) CVE-2006-2743 CWE-95 High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5) CVE-2007-0626 CWE-95 High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10) CVE-2008-0272 CWE-352 High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3) CVE-2006-5476 CWE-352 High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1) CVE-2006-2833 CWE-79 High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10) CVE-2008-0273 CWE-79 High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10) CVE-2008-0274 CWE-79 High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2) CVE-2006-4002 CWE-79 High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4) CVE-2007-0136 CWE-79 High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7) CVE-2007-5596 CWE-79 High

Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4) CVE-2007-0124 CWE-400 High

Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3) CVE-2006-5477 CWE-20 High

Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7) CVE-2007-5595 CWE-113 High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3) CVE-2006-5475 CWE-79 High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6) CVE-2007-4064 CWE-79 High

Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1) CVE-2006-2831 CVE-2006-2832 CWE-79 CWE-95 High

Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.0) CVE-2006-2742 CWE-89 High

Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8) CVE-2007-6299 CWE-89 High

Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7) CVE-2007-5597 CWE-702 High

Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.0) CVE-2007-0626 CWE-95 High

Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) CVE-2007-5593 CWE-95 High

Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2) CVE-2007-5594 CWE-352 High

Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5) CVE-2008-0272 CWE-352 High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16) CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79 High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17) CVE-2009-1844 CWE-79 High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2) CVE-2007-5596 CWE-79 High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.20) CVE-2009-4369 CWE-79 High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5) CVE-2008-0274 CWE-79 High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5) CVE-2008-0273 CWE-79 High

Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2) CVE-2007-5595 CWE-113 High

Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374 CWE-200 High

Drupal Core 5.x Local File Inclusion (5.0 - 5.11) CVE-2008-6171 CWE-22 High

Drupal Core 5.x Local File Inclusion (5.0 - 5.15) CWE-22 High

Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1) CVE-2007-4063 CWE-352 High

Drupal Core 5.x Multiple Cross-Site Scripting Vulnerabilities (5.0 - 5.1) CVE-2007-4064 CWE-79 High

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10) CVE-2008-4790 CVE-2008-4791 CVE-2008-4792 CVE-2008-4793 CWE-264 High

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22) CVE-2010-3092 CVE-2010-3093 CWE-264 High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12) CVE-2008-6532 CVE-2008-6533 CWE-79 CWE-352 High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.21) CWE-79 CWE-264 CWE-601 High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7) CVE-2008-3219 CVE-2008-3220 CVE-2008-3222 CWE-352 CWE-384 High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.9) CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3744 CWE-79 CWE-352 CWE-434 High

Drupal Core 5.x SQL Injection (5.0 - 5.14) CWE-89 High

Drupal Core 5.x SQL Injection (5.0 - 5.3) CVE-2007-6299 CWE-89 High

Drupal Core 5.x Security Bypass (5.0 - 5.2) CVE-2007-5597 CWE-702 High

Drupal Core 5.x Session Fixation (5.0 - 5.19) CWE-384 High

Drupal Core 5.x Session Fixation (5.0 - 5.8) CWE-384 High

Drupal Core 6.x Cross-Site Scripting (6.0 - 6.10) CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79 High

Drupal Core 6.x Cross-Site Scripting (6.0 - 6.11) CVE-2009-1844 CWE-79 High

Drupal Core 6.x Denial of Service (6.0 - 6.32) CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 CWE-400 High

Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983 CWE-200 High

Drupal Core 6.x Local File Inclusion (6.0 - 6.9) CWE-22 High

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.0) CVE-2008-1131 CVE-2008-1133 CWE-79 High

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14) CVE-2009-4369 CVE-2009-4370 CWE-79 High

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.20) CWE-79 High

Drupal Core 6.x Multiple Security Bypass Vulnerabilities (6.0 - 6.4) CVE-2008-4789 CVE-2008-4791 CVE-2008-4792 CWE-264 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.12) CVE-2009-2372 CVE-2009-2373 CVE-2009-2374 CWE-79 CWE-200 CWE-264 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.13) CWE-264 CWE-352 CWE-434 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.15) CWE-79 CWE-264 CWE-601 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17) CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 CVE-2010-3685 CVE-2010-3686 CWE-79 CWE-264 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.2) CVE-2008-3218 CVE-2008-3219 CVE-2008-3220 CVE-2008-3221 CVE-2008-3222 CVE-2008-3223 CWE-79 CWE-89 CWE-352 CWE-384 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.22) CVE-2012-0825 CVE-2012-0826 CWE-264 CWE-352 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.26) CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 CWE-95 CWE-264 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27) CVE-2013-0244 CVE-2013-0245 CWE-79 CWE-264 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.28) CVE-2013-6385 CVE-2013-6386 CWE-95 CWE-264 CWE-330 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3) CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3743 CVE-2008-3744 CVE-2008-3745 CWE-79 CWE-264 CWE-352 CWE-434 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.31) CVE-2014-5019 CVE-2014-5021 CWE-79 CWE-400 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.34) CVE-2015-2559 CVE-2015-2749 CVE-2015-2750 CWE-264 CWE-601 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.36) CVE-2015-6658 CVE-2015-6660 CVE-2015-6661 CWE-79 CWE-200 CWE-352 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.37) CVE-2016-3163 CVE-2016-3164 CVE-2016-3165 CVE-2016-3166 CVE-2016-3167 CVE-2016-3168 CVE-2016-3169 CVE-2016-3171 CWE-113 CWE-287 CWE-405 CWE-601 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.5) CVE-2008-6170 CVE-2008-6171 CWE-22 CWE-79 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.6) CVE-2008-6532 CVE-2008-6533 CWE-79 CWE-352 High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8) CWE-89 CWE-264 High

Drupal Core 6.x Security Bypass (6.0 - 6.1) CWE-264 High

Drupal Core 6.x Security Bypass (6.0 - 6.29) CVE-2014-1475 CWE-287 High

Drupal Core 6.x Security Bypass (6.0 - 6.35) CVE-2015-3234 CWE-287 High

Drupal Core 6.x Session Hijacking (6.0 - 6.33) CVE-2014-9015 CWE-384 High

Drupal Core 7.x Cross-Site Request Forgery (7.0 - 7.12) CVE-2007-6752 CWE-352 High

Drupal Core 7.x Denial of Service (7.0 - 7.19) CVE-2013-0316 CWE-400 High

Drupal Core 7.x Denial of Service (7.0 - 7.30) CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 CWE-400 High

Drupal Core 7.x Information Disclosure (7.0 - 7.14) CVE-2012-2922 CWE-200 High

Drupal Core 7.x Information Disclosure (7.0 - 7.26) CVE-2014-2983 CWE-200 High

Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25) CVE-2014-1475 CVE-2014-1476 CWE-264 CWE-287 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.0) CWE-79 CWE-264 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.10) CVE-2012-0825 CVE-2012-0826 CVE-2012-0827 CWE-264 CWE-352 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.12) CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 CWE-264 CWE-400 CWE-601 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.15) CVE-2012-4553 CVE-2012-4554 CWE-95 CWE-538 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.17) CVE-2012-5651 CVE-2012-5653 CWE-95 CWE-264 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.18) CVE-2013-0244 CVE-2013-0245 CVE-2013-0246 CWE-79 CWE-264 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.23) CVE-2013-6385 CVE-2013-6386 CVE-2013-6387 CVE-2013-6388 CVE-2013-6389 CWE-79 CWE-95 CWE-264 CWE-330 CWE-601 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.28) CVE-2014-5019 CVE-2014-5020 CVE-2014-5021 CVE-2014-5022 CWE-79 CWE-264 CWE-400 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.33) CVE-2014-9015 CVE-2014-9016 CWE-384 CWE-400 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.34) CVE-2015-2559 CVE-2015-2749 CVE-2015-2750 CWE-264 CWE-601 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.37) CVE-2015-3231 CVE-2015-3232 CVE-2015-3233 CVE-2015-3234 CWE-200 CWE-287 CWE-601 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.38) CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665 CWE-79 CWE-89 CWE-200 CWE-352 High

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.42) CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170 CWE-200 CWE-287 CWE-400 CWE-405 CWE-601 High

Drupal Core 7.x Open Redirect (7.0 - 7.40) CVE-2015-7943 CWE-601 High

Drupal Core 7.x SQL Injection (7.0 - 7.31) CVE-2014-3704 CWE-89 High

Drupal Core 7.x Security Bypass (7.0 - 7.2) CVE-2011-2687 CWE-264 High

Drupal Core 7.x Security Bypass (7.0 - 7.4) CVE-2011-2726 CWE-264 High

Drupal Core 8.0.x Multiple Vulnerabilities (8.0.0 - 8.0.3) CVE-2016-3162 CVE-2016-3164 CVE-2016-3170 CWE-200 CWE-287 CWE-400 CWE-601 High

Drupal Views module information disclosure vulnerability CWE-200 Medium

Drupal core 7.x SQL injection vulnerability CVE-2014-3704 CWE-89 High

Echo service running CWE-16 Medium

Ektron CMS Account Hijack CWE-264 High

Ektron CMS multiple vulnerabilities CWE-434 High

Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357 CVE-2012-5358 CWE-20 High

Ektron CMS400.NET ContentRatingGraph.aspx SQL injection CVE-2008-5122 CWE-89 High

EktronCMS Saxon XSLT parser remote code execution CVE-2015-0931 CWE-78 High

Elasticsearch remote code execution CVE-2014-3120 CWE-78 High

Elasticsearch service accessible CWE-16 High

Email Header Injection CWE-20 High

Email address found CWE-200 Informational

Email injection CWE-20 High

Environment variable information disclosure CWE-200 Low

Error message CWE-200 Medium

Error message on page CWE-200 Medium

Error page path disclosure CWE-200 Low

Error page version disclosure CWE-200 Informational

Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow CVE-2005-0021 CWE-119 High

Expression language injection CWE-917 High

Ext JS arbitrary file read CWE-22 High

ExtJS charts.swf cross site scripting CWE-80 High

FCKeditor arbitrary file upload CVE-2009-2265 CWE-22 Medium

FCKeditor spellchecker. cross site scripting vulnerability CVE-2012-4000 CWE-79 High

FTP anonymous logins CWE-16 Low

FTP anonymous writable directories CWE-16 Medium

FTP weak password CWE-16 High

Fantastico fileslist CWE-538 Medium

File inclusion CWE-20 High

File tampering CWE-20 Medium

File upload CWE-16 Low

File upload XSS CWE-79 High

File upload XSS ( applet) CWE-79 High

Files listed in robots.txt but not linked CWE-200 Informational

Finger service running CWE-16 Medium

Flask debug mode CWE-16 High

Frontpage authors.pwd available CWE-538 Medium

Frontpage extensions enabled CWE-16 Low

Full public read access Azure blob storage CWE-264 Medium

Gallery 3.0.4 remote code execution CWE-20 High

Genericons DOM-based XSS vulnerability CWE-80 High

Git repository found CWE-538 High

GlassFish admin console weak credentials CWE-16 High

Global.asa backup file found CWE-538 Medium

Grails database console CWE-16 Medium

HTML Form found in redirect page CWE-287 Low

HTML form susceptible to spam CWE-20 Medium

HTML form without CSRF protection CWE-352 Medium

HTML injection CWE-80 Medium

HTTP parameter pollution CWE-88 Medium

HTTP verb tampering CWE-285 High

HTTP verb tampering CWE-285 High

HTTP.sys remote code execution vulnerability CVE-2015-1635 CWE-119 High

HTTPS connection is using SSL version 2 CWE-310 Medium

HTTPS connection with weak key length CWE-310 Medium

Hadoop cluster web interface CWE-16 High

Hidden form input named price was found CWE-16 Low

HipChat for JIRA plugin - Velocity template injection CVE-2015-5603 CWE-94 High

Horde remote code execution CVE-2014-1691 CWE-94 High

Horde/IMP webmail exploit CWE-20 High

Host header attack CWE-20 Medium

Host header attack AcuMonitor CWE-20 High

Hostile subdomain takeover CWE-16 High

Http redirect security bypass CWE-20 High

IBM Lotus Domino web server Cross-Site Scripting vulnerabilities CVE-2012-3301 CVE-2012-3302 CWE-79 High

IBM Tivoli Access Manager directory traversal CVE-2010-4622 CVE-2011-0494 CWE-22 High

IBM Web Content Manager XPath injection CVE-2013-6735 CWE-264 High

IBM WebSphere administration console weak password CWE-200 High

IBM WebSphere application source file exposure CWE-200 High

IIS extended directory traversal vulnerability CVE-2000-0884 CWE-22 High

IMAP weak password CWE-16 High

Insecure CORS configuration High

Insecure Flash embed parameter CWE-284 Low

Insecure clientaccesspolicy. file CWE-16 Medium

Insecure crossdomain.xml file CWE-284 Medium

Insecure response with wildcard '*' in Access-Control-Allow-Origin CWE-16 Low

Insecure transition from HTTP to HTTPS in form CWE-200 Medium

Insecure transition from HTTPS to HTTP in form post CWE-200 Low

Internet Explorer XSS Protection disabled on this page CWE-16 Informational

Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200 Low

Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692 CWE-20 High

JAAS authentication bypass CWE-16 High

JBoss BSHDeployer MBean CWE-16 High

JBoss HttpAdaptor JMXInvokerServlet CWE-16 High

JBoss JMX Console Unrestricted Access CWE-16 High

JBoss JMX management console CWE-16 High

JBoss Seam framework remote code execution CVE-2010-1871 CWE-94 High

JBoss Seam remoting vulnerabilities CVE-2013-6447 CVE-2013-6448 CWE-611 High

JBoss Server MBean CWE-16 High

JBoss ServerInfo MBean CVE-2010-0738 CWE-16 High

JBoss Web Console JMX Invoker CWE-16 High

JBoss status servlet information leak CVE-2010-1429 CWE-200 Medium

JBoss console CWE-200 Low

JIRA Security Advisory 2012-08-28 CWE-79 High

JIRA Security Advisory 2013-02-21 CWE-16 High

JIRA Security Advisory 2014-02-26 CWE-22 High

JSF ViewState client side storage CWE-16 Medium

JSP authentication bypass CWE-287 High

JVM version leakage CWE-200 Low

Java Debug Wire Protocol remote code execution CWE-16 High

Java Management Extensions (JMX/RMI) service detected CWE-16 Medium

Java object deserialization of user-supplied data CWE-20 Medium

Javascript eval() usage CWE-200 Informational

Jenkins dashboard CWE-200 Medium

JetBrains .idea project directory CWE-538 Medium

JetLeak vulnerability CVE-2015-2080 CWE-200 High

Jetpack 2.9.3: Critical Security Update CVE-2014-0173 CWE-287 High

Joomla 1.5 end of life CWE-16 High

Joomla! 1.6.0 SQL injection vulnerability CVE-2011-1151 CWE-89 High

Joomla! 1.6/1.7/2.5 privilege escalation vulnerability CVE-2012-1563 CWE-264 High

Joomla! 1.7/2.5 SQL injection vulnerability CVE-2012-1116 CWE-89 High

Joomla! 3.2.1 injection CWE-89 High

Joomla! Core 1.0 Remote File Inclusion (1.0.0 - 1.0.0) CVE-2006-2960 CWE-94 High

Joomla! Core 1.0.5 Security Bypass (1.0.5 - 1.0.5) CVE-2006-0114 CWE-264 High

Joomla! Core 1.0.x Cross-Site Scripting (1.0.0 - 1.0.11) CVE-2006-6832 CWE-79 High

Joomla! Core 1.0.x Cross-Site Scripting (1.0.0 - 1.0.15) CWE-79 High

Joomla! Core 1.0.x Cross-Site Scripting (1.0.0 - 1.0.15) CVE-2011-0005 CWE-79 High

Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.10) CVE-2006-4474 CWE-79 High

Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.12) CVE-2007-4189 CVE-2007-4190 CVE-2007-5577 CWE-79 High

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.10) CVE-2006-4466 CVE-2006-4468 CVE-2006-4469 CVE-2006-4470 CVE-2006-4472 CVE-2006-4473 CVE-2006-4475 CVE-2006-4476 High

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.11) CVE-2006-6833 CVE-2006-6834 High

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.5) CVE-2006-0303 High

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.7) CVE-2006-1030 CVE-2006-1047 High

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.9) CVE-2006-7008 CVE-2006-7009 High

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.12) CVE-2007-4184 CVE-2007-4185 CWE-89 CWE-200 High

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.13) CVE-2007-5427 CWE-79 CWE-352 High

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.3) CVE-2005-3771 CVE-2005-3772 CVE-2005-4650 CWE-79 CWE-89 CWE-400 High

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.7) CVE-2006-1027 CVE-2006-1028 CVE-2006-1029 CVE-2006-1048 CVE-2006-1049 CWE-89 CWE-200 CWE-264 CWE-400 High

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.9) CVE-2006-3480 CVE-2006-3481 CVE-2006-7010 CWE-79 CWE-89 High

Joomla! Core 1.0.x Remote File Inclusion (1.0.11 - 1.0.14) CVE-2008-5671 CWE-94 High

Joomla! Core 1.0.x SQL Injection (1.0.0 - 1.0.11) CVE-2007-0374 CWE-89 High

Joomla! Core 1.0.x Security Bypass (1.0.0 - 1.0.10) CVE-2006-4471 CWE-264 High

Joomla! Core 1.0.x Session Fixation (1.0.0 - 1.0.12) CVE-2007-4188 CWE-287 High

Joomla! Core 1.0.x Unspecified Vulnerability (1.0.0 - CVE-2005-3773 High 1.0.3)

Joomla! Core 1.5.12 Arbitrary File Upload (1.5.12 - 1.5.12) CVE-2011-4906 CVE-2011-4908 CWE-434 High

Joomla! Core 1.5.x Arbitrary File Upload (1.5.0 - 1.5.15) CVE-2010-1433 CWE-434 High

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.10) CVE-2009-1939 CWE-79 High

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.10) CVE-2009-1940 CWE-79 High

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.10) CVE-2009-1938 CWE-79 High

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.11) CVE-2011-4910 CWE-79 High

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.11) CVE-2011-4909 CWE-79 High

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.7) CVE-2008-6299 CWE-79 High

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.9) CVE-2009-1279 CWE-79 High

Joomla! Core 1.5.x Directory Traversal (1.5.0 - 1.5.8) CVE-2009-0113 CWE-22 High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) CVE-2011-4911 CWE-200 High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12) CWE-200 High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14) CWE-200 High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) CVE-2010-1432 CWE-200 High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) CVE-2011-3629 CWE-200 High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) CVE-2012-1599 CWE-264 High

Joomla! Core 1.5.x Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 1.5.20) CVE-2010-3712 CWE-79 High

Joomla! Core 1.5.x Multiple SQL Injection Vulnerabilities (1.5.0 - 1.5.21) CVE-2010-4166 CVE-2010-4696 CWE-89 High

Joomla! Core 1.5.x Multiple Vulnerabilities (1.5.0 - 1.5.3) CVE-2008-3225 CVE-2008-3226 CVE-2008-3227 CVE-2008-3228 CWE-16 CWE-59 CWE-264 High

Joomla! Core 1.5.x Multiple Vulnerabilities (1.5.0 - 1.5.9) CVE-2009-1279 CVE-2009-1280 CWE-79 CWE-352 High

Joomla! Core 1.5.x Open Redirect (1.5.0 - 1.5.6) CVE-2008-4104 CWE-601 High

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.13) CWE-264 High

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.14) CWE-264 High

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.15) CVE-2010-1435 CWE-264 High

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.24) CVE-2011-4321 CWE-310 High

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.25) CVE-2012-1598 CWE-264 High

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.5) CVE-2008-3681 CWE-264 High

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.6) CVE-2008-4102 CWE-330 High

Joomla! Core 1.5.x Session Fixation (1.5.0 - 1.5.15) CVE-2010-1434 CWE-384 High

Joomla! Core 1.5.x Session Hijacking (1.5.0 - 1.5.8) CVE-2008-4122 CWE-310 High

Joomla! Core 1.5.x Spam (1.5.0 - 1.5.22) CWE-20 High

Joomla! Core 1.5.x Spam (1.5.0 - 1.5.6) CVE-2008-4103 CWE-20 High

Joomla! Core 1.5.x Variable Injection (1.5.0 - 1.5.6) CVE-2008-4105 CWE-20 High

Joomla! Core 1.6.0 Multiple Vulnerabilities (1.6.0 - 1.6.0) CVE-2010-3712 CWE-79 CWE-89 CWE-200 High

Joomla! Core 1.6.0 Spam (1.6.0 - 1.6.0) CWE-20 High

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.3) CVE-2011-4332 CWE-79 High

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.5) CVE-2011-2710 CWE-79 High

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CWE-79 High

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CVE-2012-0820 CWE-79 High

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CVE-2012-0822 CWE-79 High

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CVE-2011-3595 CWE-79 High

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3) CWE-200 High

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0819 CWE-200 High

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0821 CWE-200 High

Joomla! Core 1.6.x Multiple Cross-Site Scripting Vulnerabilities (1.6.0 - 1.6.3) CVE-2011-2509 CWE-79 High

Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.3) CWE-264 High

Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CWE-330 High

Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CVE-2012-1562 CWE-264 High

Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CVE-2012-1563 CWE-264 High

Joomla! Core 1.7.0 Cross-Site Scripting (1.7.0 - 1.7.0) CWE-79 High

Joomla! Core 1.7.0 Cross-Site Scripting (1.7.0 - 1.7.0) CVE-2011-3595 CWE-79 High

Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0) CWE-200 High

Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.2) CWE-79 High

Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.3) CVE-2012-0822 CWE-79 High

Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.3) CVE-2012-0820 CWE-79 High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-3629 CWE-200 High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-4937 CWE-200 High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0819 CWE-200 High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0821 CWE-200 High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0835 CWE-200 High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0837 CWE-200 High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0836 CWE-200 High

Joomla! Core 1.7.x SQL Injection (1.7.0 - 1.7.4) CVE-2012-1116 CWE-89 High

Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.2) CWE-330 High

Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5) CVE-2012-1563 CWE-264 High

Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5) CVE-2012-1562 CWE-264 High

Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0835 CWE-200 High

Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0837 CWE-200 High

Joomla! Core 2.5.x Arbitrary File Upload (2.5.0 - 2.5.13) CVE-2013-5576 CWE-434 High

Joomla! Core 2.5.x Clickjacking Vulnerability (2.5.0 - 2.5.7) CVE-2012-5827 CWE-693 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.1) CVE-2012-1117 CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.14) CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.18) CVE-2014-7982 CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3) CVE-2012-1612 CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6) CVE-2012-4532 CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6) CVE-2012-4531 CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CVE-2013-3267 CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CVE-2013-3058 CWE-79 High

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CVE-2013-3059 CWE-79 High

Joomla! Core 2.5.x Denial of Service (2.5.0 - 2.5.9) CVE-2013-3242 CWE-400 High

Joomla! Core 2.5.x Denial of Service (2.5.4 - 2.5.25) CVE-2014-7229 CWE-400 High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) CVE-2012-1611 CWE-200 High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) CVE-2012-2748 CWE-200 High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) CVE-2013-1453 CWE-200 High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) CVE-2013-3057 CWE-200 High

Joomla! Core 2.5.x Remote File Inclusion (2.5.4 - 2.5.25) CVE-2014-7228 CWE-94 High

Joomla! Core 2.5.x SQL Injection (2.5.0 - 2.5.1) CVE-2012-1116 CWE-89 High

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.18) CVE-2014-7984 CWE-264 High

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2) CVE-2012-1562 CWE-264 High

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2) CVE-2012-1563 CWE-264 High

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.24) CVE-2014-6632 CWE-264 High

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.4) CVE-2012-2747 CWE-264 High

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.9) CVE-2013-3056 CWE-264 High

Joomla! Core 3.0.0 Cross-Site Scripting (3.0.0 - 3.0.0) CWE-79 High

Joomla! Core 3.0.x Clickjacking Vulnerability (3.0.0 - 3.0.1) CVE-2012-5827 CWE-693 High

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CVE-2013-3059 CWE-79 High

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CWE-79 High

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CVE-2013-3058 CWE-79 High

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CVE-2013-3267 CWE-79 High

Joomla! Core 3.0.x Denial of Service (3.0.0 - 3.0.3) CVE-2013-3242 CWE-400 High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1455 CWE-200 High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1454 CWE-200 High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1453 CWE-200 High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) CVE-2013-3057 CWE-200 High

Joomla! Core 3.0.x Security Bypass (3.0.0 - 3.0.3) CVE-2013-3056 CWE-264 High

Joomla! Core 3.2.x Cross-Site Scripting (3.2.0 - 3.2.4) CVE-2014-6631 CWE-79 High

Joomla! Core 3.3.x Cross-Site Scripting (3.3.0 - 3.3.3) CVE-2014-6631 CWE-79 High

Joomla! Core 3.3.x Denial of Service (3.3.0 - 3.3.4) CVE-2014-7229 CWE-400 High

Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4) CVE-2014-7228 CWE-94 High

Joomla! Core 3.3.x Security Bypass (3.3.0 - 3.3.3) CVE-2014-6632 CWE-264 High

Joomla! Core 3.4.x Cross-Site Scripting (3.4.0 - 3.4.3) CVE-2015-6939 CWE-79 High

Joomla! Core 3.4.x Directory Traversal (3.4.0 - 3.4.5) CVE-2015-8564 CWE-22 High

Joomla! Core 3.x.x Arbitrary File Upload (3.0.0 - 3.1.4) CVE-2013-5576 CWE-434 High

Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.1) CVE-2015-5397 CWE-352 High

Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.5) CVE-2015-8563 CWE-352 High

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.1.5) CWE-79 High

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.2.2) CVE-2014-7982 CWE-79 High

Joomla! Core 3.x.x Cross-Site Scripting (3.1.2 - 3.2.2) CVE-2014-7983 CWE-79 High

Joomla! Core 3.x.x Denial of Service (3.0.0 - 3.2.5) CVE-2014-7229 CWE-400 High

Joomla! Core 3.x.x Directory Traversal (3.2.0 - 3.4.5) CVE-2015-8565 CWE-22 High

Joomla! Core 3.x.x Open Redirect (3.0.0 - 3.4.1) CVE-2015-5608 CWE-601 High

Joomla! Core 3.x.x Remote File Inclusion (3.0.0 - 3.2.5) CVE-2014-7228 CWE-94 High

Joomla! Core 3.x.x SQL Injection (3.0.0 - 3.4.6) CWE-89 High

Joomla! Core 3.x.x SQL Injection (3.1.0 - 3.2.2) CVE-2014-7981 CWE-89 High

Joomla! Core 3.x.x SQL Injection (3.2.0 - 3.4.4) CVE-2015-7297 CVE-2015-7857 CVE-2015-7858 CWE-89 High

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.2) CVE-2014-7984 CWE-264 High

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.4) CVE-2014-6632 CWE-264 High

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4) CVE-2015-7899 CWE-264 High

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.4.4) CVE-2015-7859 CWE-264 High

Joomla! Core Remote Code Execution (1.5.0 - 3.4.5) CVE-2015-8562 CWE-94 High

Joomla! JCE arbitrary file upload CWE-20 High

Joomla! JomSocial remote code execution CWE-94 High

Joomla! SQL injection vulnerability CVE-2015-7297 CVE-2015-7857 CVE-2015-7858 CWE-89 High

Joomla! component Kunena Forum multiple vulnerabilities CVE-2014-9102 CVE-2014-9103 CWE-89 High

Joomla! core remote file inclusion CVE-2014-7228.xml CWE-98 High

Joomla! remote code execution vulnerability CVE-2015-8562 CWE-94 High

Joomla! v3.2.2 SQL injection CWE-89 High

Kayako Fusion v4.51.1891 - multiple web vulnerabilities CWE-79 High

LDAP anonymous binds CWE-16 Medium

LDAP injection CWE-20 High

Liferay JSON service API authentication vulnerability CWE-287 High

Login page password-guessing attack CWE-307 Low

Long password denial of service CWE-400 High

Lotus Notes formula injection CWE-89 High

Macromedia Dreamweaver remote database scripts CVE-2004-1893 CWE-16 High

Magento Cacheleak CWE-200 High

Magento remote code execution CVE-2015-1397 CVE-2015-1398 CVE-2015-1399 CWE-94 High

Malware detected CWE-506 High

MantisBT multiple security issues CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042 CWE-200 High

MediaWiki SVG cross-site scripting vulnerability CWE-79 High

MediaWiki chunked uploads security issue CVE-2013-2114 CWE-434 High

MediaWiki multiple remote vulnerabilities CVE-2012-4377 CVE-2012-4378 CWE-79 High

MediaWiki remote code execution CVE-2014-1610 CWE-20 High

Mercurial repository found CWE-538 High

Microsoft ASP.NET Forms authentication bypass CVE-2011-3416 CWE-264 High

Microsoft Frontpage configuration information CWE-200 Informational

Microsoft IIS 5.1 directory authentication bypass CVE-2010-2731 CWE-287 High

Microsoft IIS Server service.cnf file found CWE-538 Low

Microsoft IIS WebDAV authentication bypass CVE-2009-1535 CWE-287 High

Microsoft IIS tilde directory enumeration CWE-20 High

Microsoft IIS version disclosure CWE-200 Informational

Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815 CWE-264 High

Microsoft Office possible sensitive information CWE-200 Informational

Microsoft SQL Server weak password CWE-16 High

Microsoft SQL Server weak password encryption vulnerability CVE-2000-0199 CWE-310 Medium

Microsoft SharePoint XSS spoofing vulnerability CVE-2015-2522 CWE-80 High

Minify arbitrary file disclosure CVE-2013-6619 CWE-538 High

Misfortune Cookie vulnerability CVE-2014-9222 CWE-119 High

MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities CVE-2012-6081 CWE-434 High

MongoDB HTTP status interface CWE-16 Medium

MongoDB injection CWE-16 High

MovableType remote code execution CVE-2015-1592 CWE-94 High

Moveable Type 4.x unauthenticated remote command execution CVE-2013-0209 CWE-287 High

Multiple XSS vulnerabilities in CVE-2013-4204 CWE-80 High

Multiple critical vulnerabilities in Apache Struts2 CVE-2012-0393 CWE-264 High

Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 CVE-2014-0185 CWE-16 Medium

Multiple vulnerabilities in Ioncube loader-wizard.php CWE-16 High

Multiple vulnerabilities reported in Parallels Plesk Sitebuilder CWE-94 High

MySQL 5.1 to 5.1.18 multiple vulnerabilities CVE-2007-2691 CVE-2007-2692 CVE-2007-2693 CWE-264 High

MySQL Community Server 5.0 to 5.0.45 multiple vulnerabilities CVE-2007-2691 CVE-2007-2692 CVE-2007-3780 CVE-2007-3781 CVE-2007-3782 CWE-264 Low

MySQL Community Server symlink attack vulnerability CVE-2004-0381 CVE-2004-0388 CWE-284 High

MySQL Community Server to 5.1.23 / 6.0.4 multiple vulnerabilities CVE-2007-5969 CVE-2007-5970 CVE-2007-6313 CVE-2008-0226 CVE-2008-0227 CWE-264 High

MySQL Enterprise Server v.5.0.52 multiple vulnerabilities CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CWE-264 High

MySQL Server weak password CWE-16 High

MySQL buffer overflow in user defined functions CVE-2005-2558 CWE-119 High

MySQL connection credentials CWE-538 High

MySQL database dump CWE-538 Medium

MySQL server older than 3.23.36 CVE-2001-0407 CWE-284 High

MySQL server older than 4.0.21 CVE-2004-0957 CWE-284 High

MySQL server older than 4.0.21 or 3.23.59 CVE-2004-0835 CVE-2004-0836 CVE-2004-0837 CWE-284 High

MySQL server older than 4.0.24 or 4.1.10a CVE-2005-0709 CVE-2005-0710 CVE-2005-0711 CWE-284 High

MySQL server older than 4.0.6 or 3.23.54 CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376 CWE-284 High

MySQL username disclosure CWE-538 Low

MySQL utf8 4-byte truncation CWE-16 Medium

NSS Library SSL v.2.0 remote command execution CVE-2007-0009 CWE-119 High

Nagios core config manager SQL injection vulnerability CVE-2013-6875 CWE-89 High

Nginx PHP code execution via FastCGI CWE-16 High

Nginx buffer underflow vulnerability CVE-2009-2629 CWE-119 High

Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180 CWE-399 High

Nginx stack-based buffer overflow CVE-2013-2028 CWE-189 High

OPTIONS method is enabled CWE-200 Low

Open SOCKS server CWE-16 Medium

Open X11 server CWE-16 High

Open proxy server CWE-16 Medium

OpenX 2.8.10 backdoor CVE-2013-4211 CWE-95 High

OpenX arbitrary file upload CVE-2009-4140 CWE-434 High

OpenX xajaxargs SQL injection vulnerability CWE-89 High

Oracle Database Listener has no password CWE-16 High

Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827 CWE-22 High

Oracle Reports rwservlet vulnerabilities CVE-2012-3152 CVE-2012-3153 CWE-20 High

Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability CVE-2011-0807 CWE-287 High

Oracle applications logs publicly available CWE-200 Medium

PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097 CWE-20 Medium

PHP 5.3.9 remote code execution CVE-2012-0830 CWE-399 High

PHP HTML entity encoder heap overflow vulnerability CVE-2006-5465 CWE-119 High

PHP HTTP POST incorrect MIME header parsing vulnerability CVE-2002-0717 CWE-20 Medium

PHP Hash Collision denial of service vulnerability CVE-2011-4885 CWE-20 High

PHP POST file upload buffer overflow vulnerabilities CVE-2002-0081 CWE-119 High

PHP Safedir restriction bypass vulnerabilities CWE-20 High

PHP Zend_Hash_Del_Key_Or_Index vulnerability CVE-2006-3017 CWE-702 High

PHP allow_url_fopen enabled CWE-16 Medium

PHP allow_url_include enabled CWE-16 High

PHP code injection CWE-94 High

PHP curl_exec() url is controlled by user CVE-2009-0037 CWE-352 Medium

PHP error logging format string vulnerability CVE-2000-0967 CWE-20 Medium

PHP errors enabled CWE-16 Medium

PHP eval() used on user input CWE-95 Informational

PHP hangs on parsing particular strings as floating point number CVE-2010-4645 CWE-189 Medium

PHP mail function ASCII control character header spoofing vulnerability CVE-2002-0986 CWE-20 Medium

PHP multipart/form-data denial of service CVE-2009-4017 CWE-400 Medium

PHP multiple vulnerabilities CVE-2004-1018 CVE-2004-1019 CVE-2004-1020 CVE-2004-1063 CVE-2004-1064 CVE-2004-1065 CWE-119 High

PHP object deserialization of user-supplied data CWE-20 Medium

PHP open_basedir is not set CWE-16 Medium

PHP preg_replace used on user input CWE-20 Medium

PHP register_globals enabled CWE-16 High

PHP session.use_only_cookies disabled CWE-16 Medium

PHP session.use_trans_sid enabled CWE-16 Medium

PHP socket_iovec_alloc() integer overflow CVE-2003-0172 CWE-119 Medium

PHP super-globals-overwrite CWE-16 Medium

PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability CVE-2003-0863 CWE-16 Medium

PHP unserialize() used on user input CWE-20 Medium

PHP unspecified remote arbitrary file upload vulnerability CVE-2004-0959 CWE-20 High

PHP upload arbitrary file disclosure vulnerability CVE-2000-0860 CWE-538 Medium

PHP version older than 4.3.8 CVE-2004-0594 CVE-2004-0595 CWE-16 Medium

PHP version older than 4.4.1 CVE-2005-3388 CVE-2006-0097 CWE-16 High

PHP version older than 5.2.1 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CWE-16 High

PHP version older than 5.2.3 CVE-2007-1900 CVE-2007-2756 CVE-2007-2872 CWE-16 High

PHP version older than 5.2.5 CVE-2007-4840 CVE-2007-4887 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900 CWE-16 High

PHP version older than 5.2.6 CVE-2007-4850 CVE-2008-0599 CVE-2008-0674 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 CWE-16 High

PHP version older than 5.2.8 CVE-2008-2371 CVE-2008-2665 CVE-2008-2666 CVE-2008-2829 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660 CWE-16 High

PHP-CGI remote code execution CVE-2012-1823 CWE-20 High

PHP-CGI remote code execution CVE-2012-1823 CVE-2012-2311 CWE-20 High

PHP-Fusion 6.00.109 SQL injection CVE-2005-4005 CWE-89 High

PHP.exe Windows CGI for Apache may let remote users files on the server CVE-2002-2029 CWE-16 Low

PHP4 IMAP module buffer overflow vulnerability CWE-119 Medium

PHP4 multiple vulnerabilities CVE-2003-0860 CVE-2003-0861 CWE-119 Medium

PHPinfo page CWE-200 Medium

PHPinfo page found CWE-200 Medium

POP3 weak password CWE-16 High

Padding oracle attack CWE-209 High

Parallels Plesk SQL injection vulnerability CVE-2012-1557 CWE-89 High

Parallels Plesk SSO XML External Entity and Cross-site scripting CWE-611 High

Partial user controllable script source CWE-20 Medium

Password field submitted using GET method CWE-200 Medium

Password type input with auto-complete enabled CWE-200 Informational

Path Traversal in Oracle GlassFish server open source edition CWE-22 High

Plone arbitrary code execution CVE-2011-3587 CWE-78 High

Plupload cross-site scripting vulnerability CVE-2013-0237 CWE-79 High

Possible CSRF (Cross-site request forgery) Informational

Possible SQL Statement in comment CWE-200 Low

Possible cross site scripting via Host header CWE-79 High

Possible database backup CWE-538 High

Possible debug parameter found CWE-200 Medium

Possible internal IP address disclosure CWE-200 Informational

Possible relative path overwrite CWE-20 Low

Possible remote SWF inclusion CVE-2007-6244 CVE-2007-6637 CWE-79 Medium

Possible sensitive directories CWE-200 Low

Possible sensitive files CWE-200 Low

Possible server path disclosure () CWE-200 Informational

Possible server path disclosure (Windows) CWE-200 Informational

Possible social security number disclosed CWE-200 Medium

Possible username or password disclosure CWE-200 Informational

Possible virtual host found CWE-200 Low

PostgreSQL weak password CWE-16 High

PrimeFaces 5.x Expression Language injection High

Proxy accepts CONNECT requests CWE-16 High

Proxy accepts CONNECT requests to itself CWE-16 Medium

Proxy accepts POST requests CWE-16 High

Proxy can be used to connect to arbitrary ports CWE-16 High

Public key certificate CWE-200 Low

Pyramid debug mode CWE-16 Medium

Python object deserialization of user-supplied data CWE-20 Medium

RC4 cipher suites detected CVE-2013-2566 CWE-310 Medium

RSA private key CWE-200 High

Railo administration panel cross-site scripting CWE-80 High

Rails Devise authentication password reset CVE-2013-0233 CWE-287 High

Rails application running in development mode CWE-200 Medium

Rails controller possible sensitive information disclosure CWE-200 Medium

Rails mass assignment CWE-915 High

Rails remote code execution using render :inline CVE-2016-2098 CWE-94 High

Reachable SharePoint interface CWE-16 High

RealVNC remote authentication bypass CVE-2006-2369 CWE-287 High

Reflected file download CWE-20 Medium

Remote XSL inclusion CWE-20 High

Reverse proxy bypass CVE-2011-3368 CWE-20 Medium

Rlogin service running CWE-16 Low

Roundcube security updates 0.8.6 and 0.7.3 CVE-2013-1904 CWE-22 High

Rsh service running CWE-16 Low

Ruby on Rails CookieStore session cookie persistence CWE-284 Low

Ruby on Rails SQL injection CVE-2012-2695 CWE-89 High

Ruby on Rails XML processor YAML deserialization code execution CVE-2013-0156 CWE-20 High

Ruby on Rails database configuration file CWE-538 High

Ruby on Rails database connection file CWE-538 High

Ruby on Rails directory traversal vulnerability CVE-2014-0130 CWE-22 High

Ruby on Rails weak/known secret token CVE-2013-0156 CWE-200 High

SFTP/FTP credentials exposure CWE-200 High

SMB Administrator account without password CWE-16 High

SMB list shares CWE-16 Low

SMB null session CWE-16 Low

SMTP EXPN/VRFY verbs enabled CWE-16 Medium

SMTP open mail relay CWE-16 Medium

SNMP information disclosure CWE-16 Medium

SQL Injection in Symphony: CVE-2013-2559 CVE-2013-2559 CWE-89 High

SQL injection CWE-89 High

SQL injection in the authentication header CWE-89 High

SQLite database found CWE-538 Medium

SSH weak password CWE-16 High

SSL 2.0 deprecated protocol CWE-16 High

SSL certificate common name invalid CWE-295 Medium

SSL certificate invalid date CWE-298 High

SSL certificate public key less than 2048 bit CWE-310 Medium

SSL weak ciphers CWE-310 Medium

SVN repository found CWE-538 High

SWFUpload movieName cross site scripting vulnerability CVE-2012-3414 CWE-79 High

Same origin method execution (SOME) CWE-20 Medium

Same site scripting CWE-16 Medium

Script source code disclosure CWE-538 High

Security update: Hotfix available for ColdFusion CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-255 High

Security vulnerability in MySQL/MariaDB sql/password.c CVE-2012-2122 CWE-287 High

Sensitive data not encrypted CWE-200 Low

Sensitive page could be cached CWE-200 Low

Server side request forgery CWE-918 High

Server-side JavaScript injection CWE-20 High

Server-side template injection CWE-20 High

Session Cookie scoped to parent domain CWE-16 Low

Session fixation CWE-384 High

Session token in URL CWE-200 Low

SharePoint exposed web services CWE-200 Medium

SharePoint user enumeration CWE-200 High

Slow HTTP Denial of Service Attack Medium

Slow response time CWE-400 Low

Snoop Servlet information disclosure CVE-2012-2170 CWE-200 Medium

Socks weak password CWE-16 High

Solaris in.fingerd information disclosure vulnerability CVE-2001-1503 CWE-16 High

Source code disclosure CWE-538 Medium

Spring Boot Actuator CWE-16 Medium

Struts 2 development mode CWE-16 High

Struts2/XWork remote command execution CVE-2013-1966 CVE-2013-2115 CWE-94 High

Struts2/Xwork remote command execution CVE-2010-1870 CWE-264 High

Suspicious comment CWE-200 Informational

Sybase server weak password CWE-307 High

Symfony web debug toolbar CWE-16 Medium

TCPDF arbitrary file read CWE-98 High

TLS1/SSLv3 Renegotiation Vulnerability Medium

TRACE method is enabled CWE-16 Low

TRACK method is enabled CWE-16 Low

Telnet service running CWE-16 Low

Telnet weak password CWE-307 High

The DROWN attack (SSLv2 supported) CVE-2016-0800 CWE-310 High

The FREAK attack (export cipher suites supported) CVE-2015-0204 CWE-310 Medium

The GHOST Vulnerability CVE-2015-0235 CWE-119 High

The Heartbleed Bug CVE-2014-0160 CWE-200 High

The POODLE attack (SSLv3 supported) CVE-2014-3566 CWE-16 Medium

TimThumb WebShot remote code execution CWE-94 High

TinyMCE ajax_create_folder remote code execution vulnerability CWE-94 High

Tomcat status page CWE-200 Low

ToolsPack malware plugin CWE-95 High

Tornado debug mode CWE-16 Medium

Trojan horse detected CWE-507 High

Trojan shell script CWE-507 High

Trojan shell script CWE-507 High

Typo3 core sanitizeLocalUrl() non-persistent cross-site scripting CVE-2015-5956 CWE-79 High

URL redirection CWE-601 Medium

Umbraco CMS TemplateService remote code execution CVE-2013-4793 CWE-94 High

Umbraco CMS local file inclusion CWE-98 High

Umbraco CMS remote code execution CWE-94 High

Uncontrolled format string CWE-134 High

Unencrypted __VIEWSTATE parameter CWE-200 Medium

Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1 CVE-2006-3918 CWE-79 High

Unicode transformation issues CWE-176 High

Universal Plug and Play service running CWE-287 Medium

Unprotected phpMyAdmin interface CWE-16 High

UnrealIRCd 3.2.8.1 backdoor CVE-2010-2075 CWE-20 High

Unrestricted file upload CWE-434 High

Unrestricted file upload vulnerability in ofc_upload_image.php CVE-2009-4140 CWE-434 High

Uploadify arbitrary file upload CWE-434 High

User controllable charset CWE-20 Medium

User controllable script source CWE-79 High

User controllable tag parameter CWE-79 Medium

User credentials are sent in clear text CWE-310 Medium

User-controlled form action CWE-20 Medium

VMware directory traversal and privilege escalation vulnerabilities CVE-2009-2267 CVE-2009-3733 CWE-22 High

VNC does not require authentication CWE-287 High

View state MAC disabled CWE-16 Medium

Virtual host directory listing CWE-538 Medium

VirtueMart access control bypass CWE-287 High

Vulnerabilities in SharePoint could allow elevation of privilege CVE-2012-1859 CWE-79 High

Vulnerable Javascript library CWE-16 Medium

Vulnerable project dependencies CWE-16 High

W3 total cache debug mode CWE-16 Medium

WEBrick v.1.3 directory traversal CVE-2008-1145 CWE-22 High

WS_FTP log file found CWE-538 Medium

Weak password CWE-200 High

Web Application Firewall detected CWE-16 Medium

Web server default welcome page CWE-16 Informational

WebDAV Directory with write permissions CWE-264 High

WebDAV directory listing CWE-538 Medium

WebDAV enabled CWE-16 Low

WebDAV remote code execution CWE-434 High

WebLogic Server Side Request Forgery CVE-2014-4241 CVE-2014-4210 CVE-2014-4242 CWE-918 High

WebLogic admin console weak credentials CWE-16 High

Webalizer script CWE-538 Medium

Webmail weak password CWE-200 High

Windows Terminal Services server running CWE-16 Informational

WooFramework shortcode exploit CWE-95 High

WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3 - 2.1.3) CVE-2007-2821 CWE-89 High

WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71) CWE-89 High

WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1) CVE-2005-1810 CWE-89 High

WordPress 'comment_post_ID' Parameter SQL Injection Vulnerability (3.0.4 - 3.0.4) CWE-89 High

WordPress 'edit.php' Cross-Site Scripting Vulnerability (1.5 - 1.5) CWE-79 High

WordPress 'get_edit_post_link()' and 'get_edit_comment_link()' Multiple Eavesdropping Vulnerabilities (0.6.2 - 2.6) CVE-2008-3747 CWE-264 High

WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5 - 1.5) CWE-79 High

WordPress 'paged' Parameter SQL Injection Vulnerability (2.0.2 - 2.0.5) CVE-2006-3389 CWE-89 High

WordPress 'post.php' Cross-Site Scripting Vulnerability (1.5 - 1.5) CWE-79 High

WordPress 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.5.1) CVE-2008-3233 CWE-79 High

WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1) CVE-2011-5270 CWE-264 High

WordPress 'swfupload.swf' Cross-Site Scripting Vulnerability (2.5 - 3.3.1) CVE-2012-3414 CWE-79 High

WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1) CVE-2007-1049 CWE-79 High

WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8) CVE-2009-2334 CWE-287 High

WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2) CVE-2008-5695 CWE-20 High

WordPress 'wp-db.php' Character Set SQL Injection Vulnerability (2.0 - 2.3.1) CVE-2007-6318 CWE-89 High

WordPress 'wp-login.php' HTTP Response Splitting Vulnerability (1.2 - 1.2) CVE-2004-1584 CWE-113 High

WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1) CVE-2007-5105 CVE-2007-5106 CWE-79 High

WordPress 'wp-trackback.php' SQL Injection Vulnerability (1.5 - 1.5) CVE-2005-1687 CWE-89 High

WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2) CVE-2010-5106 CWE-264 High

WordPress 0.7 Posts SQL Injection Vulnerability (0.7 - 0.7) CVE-2003-1598 CWE-89 High

WordPress 1.5.1.2 Multiple Vulnerabilities (1.0 - 1.5.1.2) CVE-2005-2107 CVE-2005-2108 CVE-2005-2109 CVE-2005-2110 CWE-79 CWE-89 CWE-200 CWE-702 High

WordPress 2.0.1 Denial of Service Vulnerability (0.6.2 - 2.0.1) CWE-400 High

WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2) CVE-2006-2667 CVE-2006-2702 CWE-94 High

WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3) CVE-2006-4028 CWE-264 High

WordPress 2.0.4 Multiple Security Vulnerabilities (2.0.4 - 2.0.4) CVE-2006-5705 CVE-2006-6016 CVE-2006-6017 CWE-22 CWE-264 CWE-400 High

WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability (0.6.2 - 2.0.5) CVE-2007-0107 CWE-89 High

WordPress 2.0.5 Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5) CVE-2006-6808 CWE-79 High

WordPress 2.0.5 Invalid CSRF Token Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5) CVE-2007-0106 CWE-79 High

WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6) CVE-2007-0233 CWE-89 High

WordPress 2.0.9 Multiple Vulnerabilities (2.0 - 2.0.9) CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897 CWE-79 CWE-89 CWE-264 High

WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1 - 2.1.1) CVE-2007-1277 CWE-94 High

WordPress 2.1.1 Cross-Site Scripting Vulnerability CVE-2007-1244 CWE-79 High (2.1.1 - 2.1.1)

WordPress 2.1.2 Multiple Vulnerabilities (2.1 - 2.1.2) CVE-2007-1622 CVE-2007-1893CVE-2007-1894 CVE-2007-1 CWE-79 CWE-8 High 897 9 CWE-264

WordPress 2.2 Cross-Site Scripting Vulnerability (2.2 CVE-2007-3238 CWE-79 High - 2.2)

WordPress 2.2 Multiple Vulnerabilities (2.2 - 2.2) CVE-2007-3140 CVE-2007-3238CVE-2007-3543 CWE-79 CWE-8 High 9 CWE-434

WordPress 2.2.1 Multiple Vulnerabilities (2.2.1 - CVE-2007-3639 CVE-2007-4139CVE-2007-4153 CVE-2007-4 CWE-79 CWE-8 High 2.2.1) 154 9 CWE-601

WordPress 2.2.2 Multiple Vulnerabilities (2.2 - 2.2.2) CVE-2007-4893 CVE-2007-4894CVE-2008-2146 CWE-79 CWE-8 High 9 CWE-264

WordPress 2.3 Cross-Site Scripting Vulnerability (2.3 CVE-2007-5710 CWE-79 High - 2.3)

WordPress 2.3.1 Unauthorized Post Access CWE-264 High Vulnerability (2.3.1 - 2.3.1)

WordPress 2.3.2 Post Edit Unauthorized Access CVE-2008-0664 CWE-264 High Vulnerability (0.7 - 2.3.2)

WordPress 2.3.3 Directory Traversal Vulnerability CVE-2008-4769 CWE-22 High (0.6.2 - 2.3.3)

WordPress 2.5 Cookie Integrity Protection CVE-2008-1930 CWE-287 High Unauthorized Access Vulnerability (0.6.2 - 2.5)

WordPress 2.5 Cross-Site Scripting Vulnerability (2.5 CVE-2008-2068 CWE-79 High - 2.5)

WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1) CVE-2008-4106 CVE-2008-4107 CWE-20 High

WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2) CVE-2008-4796 CWE-94 High

WordPress 2.6.3 Cross-Site Scripting Vulnerability (0.6.2 - 2.6.3) CVE-2008-5278 CWE-79 High

WordPress 2.8 Multiple Existing/Non-Existing Username Enumeration Weaknesses (0.6.2 - 2.8) CVE-2009-2335 CVE-2009-2336 CWE-16 High

WordPress 2.8.1 Comment Author URI Cross-Site Scripting Vulnerability (0.6.2 - 2.8.1) CVE-2009-2851 CWE-79 High

WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2) CVE-2009-2853 CVE-2009-2854 CWE-264 High

WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3) CVE-2009-2762 CWE-255 High

WordPress 2.8.4 Denial of Service Vulnerability (0.6.2 - 2.8.4) CVE-2009-3622 CWE-310 High

WordPress 2.8.5 Multiple Vulnerabilities (2.8 - 2.8.5) CVE-2009-3890 CVE-2009-3891 CWE-79 CWE-94 High

WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1) CVE-2010-0682 CWE-264 High

WordPress 3.0.1 Multiple Vulnerabilities (0.6.2 - 3.0.1) CVE-2010-4257 CVE-2010-5293 CVE-2010-5294 CVE-2010-5295 CVE-2010-5296 CWE-79 CWE-89 CWE-264 High

WordPress 3.0.3 KSES Library Cross-Site Scripting Vulnerability (0.6.2 - 3.0.3) CVE-2010-4536 CWE-79 High

WordPress 3.0.4 Multiple Vulnerabilities (0.6.2 - 3.0.4) CVE-2011-0700 CVE-2011-0701 CWE-79 CWE-200 High

WordPress 3.1 Multiple Vulnerabilities (0.7 - 3.1) CVE-2011-4956 CVE-2011-4957 CWE-79 CWE-352 CWE-400 High

WordPress 3.1.2 Multiple Vulnerabilities (3.0.1 - 3.1.2) CVE-2011-3122 CVE-2011-3125 CVE-2011-3126 CVE-2011-3127 CVE-2011-3128 CVE-2011-3129 CVE-2011-3130 CWE-89 CWE-200 CWE-264 CWE-693 High

WordPress 3.1.3 Multiple SQL Injection Vulnerabilities (3.1 - 3.1.3) CWE-89 High

WordPress 3.3 Cross-Site Scripting Vulnerability (3.3 - 3.3) CVE-2012-0287 CWE-79 High

WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1) CVE-2012-2399 CVE-2012-2400 CVE-2012-2401 CVE-2012-2402 CVE-2012-2403 CVE-2012-2404 CVE-2012-3414 CWE-79 CWE-264 CWE-352 High

WordPress 3.3.2 Multiple Vulnerabilities (3.3 - 3.3.2) CVE-2012-6633 CVE-2012-6634 CVE-2012-6635 CWE-79 CWE-200 CWE-264 CWE-352 High

WordPress 3.4 Multiple Vulnerabilities (3.4 - 3.4) CVE-2012-3384 CVE-2012-3385 CWE-79 CWE-200 CWE-264 CWE-352 High

WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1) CVE-2012-3383 CVE-2012-4421 CVE-2012-4422 CWE-79 CWE-264 High

WordPress 3.4.2 cross site request forgery CVE-2012-4448 CWE-352 Medium

WordPress 3.5 Multiple Vulnerabilities (1.5 - 3.5) CVE-2013-0235 CVE-2013-0236 CVE-2013-0237 CWE-79 CWE-918 High

WordPress 3.5.1 Multiple Vulnerabilities (2.0 - 3.5.1) CVE-2013-2173 CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 CWE-79 CWE-200 CWE-264 CWE-400 CWE-611 CWE-918 High

WordPress 3.6 Multiple Vulnerabilities (2.0 - 3.6) CVE-2013-4338 CVE-2013-4339 CVE-2013-4340 CVE-2013-5738 CVE-2013-5739 CWE-20 CWE-94 CWE-264 High

WordPress 3.7.1 Multiple Vulnerabilities (3.7 - 3.7.1) CVE-2014-0165 CVE-2014-0166 CWE-89 CWE-264 CWE-287 High

WordPress 3.7.3 Multiple Vulnerabilities (3.7 - 3.7.3) CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266 CWE-79 CWE-352 CWE-399 CWE-611 High

WordPress 3.7.4 Multiple Vulnerabilities (3.7 - 3.7.4) CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.12) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress 3.8.1 Multiple Vulnerabilities (3.8 - 3.8.1) CVE-2014-0165 CVE-2014-0166 CWE-89 CWE-264 CWE-287 High

WordPress 3.8.2 security release CWE-16 High

WordPress 3.8.3 Multiple Vulnerabilities (3.8 - 3.8.3) CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266 CWE-79 CWE-352 CWE-399 CWE-611 High

WordPress 3.8.4 Multiple Vulnerabilities (3.8 - 3.8.4) CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High

WordPress 3.8.x Cross-Site Scripting Vulnerability (3.8 - 3.8.11) CVE-2016-1564 CWE-79 High

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.12) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress 3.9.1 Multiple Vulnerabilities (3.9 - 3.9.1) CVE-2014-5203 CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266 CWE-79 CWE-94 CWE-352 CWE-399 CWE-611 High

WordPress 3.9.2 Multiple Vulnerabilities (3.9 - 3.9.2) CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High

WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9) CVE-2016-1564 CWE-79 High

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress 3.x persistent script injection CWE-79 High

WordPress 4.0 Multiple Vulnerabilities (4.0 - 4.0) CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High

WordPress 4.0.x Cross-Site Scripting Vulnerability (4.0 - 4.0.8) CVE-2016-1564 CWE-79 High

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.9) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress 4.1.x Cross-Site Scripting Vulnerability (4.1 - 4.1.8) CVE-2016-1564 CWE-79 High

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.9) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress 4.2.2 Multiple Vulnerabilities (0.7 - 4.2.2) CVE-2015-5622 CVE-2015-5623 CWE-79 CWE-264 High

WordPress 4.2.3 Multiple Vulnerabilities (0.7 - 4.2.3) CVE-2015-2213 CVE-2015-5714 CVE-2015-5715 CVE-2015-5716 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734 CWE-79 CWE-89 CWE-264 High

WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.5) CVE-2016-1564 CWE-79 High

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.6) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress 4.3 Multiple Vulnerabilities (0.7 - 4.3) CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 CWE-79 CWE-264 High

WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.1) CVE-2016-1564 CWE-79 High

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.2) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress 4.4 Cross-Site Scripting Vulnerability (4.4 - 4.4) CVE-2016-1564 CWE-79 High

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.1) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1 - 3.3.1) CVE-2012-1936 CWE-352 High

WordPress Clickjacking Vulnerability (0.7 - 3.1.2) CVE-2011-3127 CWE-693 High

WordPress Comment Post Cross-Site Scripting Vulnerability (2.0 - 2.0) CVE-2006-0733 CWE-79 High

WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3) CVE-2005-2612 CWE-94 High

WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1) CVE-2007-6013 CWE-287 High

WordPress Cross-Site Scripting Vulnerability (0.70 - 3.7.11) CVE-2016-1564 CWE-79 High

WordPress Cross-Site Scripting Vulnerability (0.70 - 4.1.1) CVE-2015-3438 CWE-79 High

WordPress Cross-Site Scripting Vulnerability (3.0 - 3.6.1) CVE-2014-9031 CWE-79 High

WordPress Cross-Site Scripting Vulnerability (3.9 - 4.1.1) CVE-2015-3439 CWE-79 High

WordPress Cross-Site Scripting Vulnerability (3.9.3 - 4.2) CVE-2015-3440 CWE-79 High

WordPress Denial of Service Vulnerability (3.5 - 3.6.1) CVE-2014-5265 CWE-399 High

WordPress MU 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities (1.0 - 2.5.1) CVE-2008-4671 CWE-79 High

WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability (1.0 - 2.6) CVE-2009-1030 CWE-79 High

WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload CWE-434 High

WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1) CWE-79 High

WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1) CVE-2006-0985 CVE-2006-1796 CWE-79 High

WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0.11 - 2.3) CVE-2008-0193 CWE-79 High

WordPress Multiple Cross-Site Scripting Vulnerabilities (4.1 - 4.2.1) CVE-2015-3429 CWE-79 High

WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2) CWE-79 CWE-89 High

WordPress Multiple Vulnerabilities (0.70 - 3.6.1) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High

WordPress OptimizePress unrestricted file upload CVE-2013-7102 CWE-20 High

WordPress PHP Object Injection CVE-2013-4338 CWE-94 High

WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) CVE-2007-0540 CWE-200 CWE-400 High

WordPress Plugin 1 Flash Gallery 'upload.php' Arbitrary File Upload (1.5.7) CWE-434 High

WordPress Plugin 1 Flash Gallery Cross-Site Scripting and SQL Injection Vulnerabilities (0.2.5) CWE-79 CWE-89 High

WordPress Plugin 1-click Retweet/Share/Like Cross-Site Scripting (5.2) CWE-79 High

WordPress Plugin 1player Cross-Site Scripting (1.3) CWE-79 High

WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2) CVE-2012-4273 CWE-79 High

WordPress Plugin 360 Product Viewer Cross-Site Scripting (2.5.1) CWE-79 High

WordPress Plugin 3D Banner Rotator 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin 3D Flick Slideshow 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin 404 to 301 SQL Injection (2.0.2) CWE-89 High

WordPress Plugin A Page Flip Book 'pageflipbook_language' Parameter Local File Include (2.3) CVE-2012-6652 CWE-22 High

WordPress Plugin A to Z Category Listing 'R' Parameter SQL Injection (1.3) CWE-89 High

WordPress Plugin A. Gallery TimThumb Arbitrary File Upload (0.9rev378511) CVE-2011-4106 CWE-20 High

WordPress Plugin A/B Test 'action' Parameter Directory Traversal (1.0.6) CWE-22 High

WordPress Plugin AB Google Map Travel (AB-MAP) Multiple Vulnerabilities (3.4) CVE-2015-2755 CWE-79 CWE-352 High

WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1) CWE-79 High

WordPress Plugin ACF Frontend display Arbitrary File Upload (2.0.5) CWE-434 High

WordPress Plugin ADIF Log Search Widget Cross-Site Scripting (1.0e) CWE-79 High

WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25) CWE-79 High

WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2) CVE-2012-5853 CWE-89 High

WordPress Plugin AJAX Random Post Cross-Site Scripting (2.00) CWE-79 High

WordPress Plugin ALO EasyMail Newsletter Cross-Site Request Forgery (2.6.01) CWE-352 High

WordPress Plugin ALO EasyMail Newsletter Multiple Cross-Site Scripting Vulnerabilities (2.4.7) CWE-79 High

WordPress Plugin ALO EasyMail Newsletter Multiple Vulnerabilities (2.6.00) CWE-79 CWE-352 High

WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0) CWE-89 High

WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5) CWE-264 High

WordPress Plugin Accept Signups 'email' Parameter Cross-Site Scripting (0.1) CWE-79 High

WordPress Plugin Acobot Live Chat & Contact Form Multiple Vulnerabilities (2.0) CVE-2015-2039 CWE-79 CWE-352 High

WordPress Plugin ActiveHelper LiveHelp Live Chat Multiple Cross-Site Scripting Vulnerabilities (3.1.0) CVE-2014-4513 CWE-79 High

WordPress Plugin Acumbamail Information Disclosure (1.0.4) CWE-200 High

WordPress Plugin Acunetix Secure WordPress Cross-Site Request Forgery (3.0.2) CWE-352 High

WordPress Plugin Acunetix WP Security Cross-Site Request Forgery (4.0.4) CWE-352 High

WordPress Plugin Ad Buttons Multiple Vulnerabilities (2.3.1) CWE-79 CWE-352 High

WordPress Plugin Ad Inserter Cross-Site Scripting (1.5.5) CWE-79 High

WordPress Plugin Ad Inserter Multiple Vulnerabilities (1.5.2) CWE-79 CWE-352 High

WordPress Plugin Ad-Manager Open Redirect (1.1.2) CVE-2014-8754 CWE-601 High

WordPress Plugin Ad-minister Cross-Site Scripting (0.6) CVE-2013-6993 CWE-79 High

WordPress Plugin AdPlugg WordPress Ad Cross-Site Scripting (1.1.33) CWE-79 High

WordPress Plugin AdRotate 'adrotate-out.php' SQL Injection (3.6.6) CVE-2011-4671 CWE-89 High

WordPress Plugin AdRotate 'title' Parameter Multiple Cross-Site Scripting Vulnerabilities (3.7.3.5) CWE-79 High

WordPress Plugin AdRotate 'track' Parameter SQL Injection (3.6.5) CVE-2011-4671 CWE-89 High

WordPress Plugin AdRotate SQL Injection (3.9.4) CVE-2014-1854 CWE-89 High

WordPress Plugin AdServe 'id' Parameter SQL Injection (0.2) CVE-2008-0507 CWE-89 High

WordPress Plugin AdWizz 'link' Parameter Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Adavnced Video embed Local File Inclusion (1.0) CWE-22 High

WordPress Plugin Add Link to Facebook Cross-Site Scripting (2.2.7) CWE-79 High

WordPress Plugin Add Link to Facebook Multiple Cross-Site Scripting Vulnerabilities (1.215) CWE-79 High

WordPress Plugin AddThis Sharing Buttons Cross-Site Scripting (4.0.7) CWE-79 High

WordPress Plugin AddThis Sharing Buttons Cross-Site Scripting (5.0.12) CWE-79 High

WordPress Plugin AddToAny Share Buttons Cross-Site Scripting (1.6.6) CWE-79 High

WordPress Plugin Admin Font Editor Cross-Site Scripting (1.8) CWE-79 High

WordPress Plugin Admin Management Xtended Privilege Escalation (2.4.0) CWE-264 High

WordPress Plugin Admin Pack by SITE CASEIRO Cross-Site Scripting (1.1) CWE-79 High

WordPress Plugin Adminer Cross-Site Scripting (1.4.2) CWE-79 High

WordPress Plugin Adminimize 'page' Parameter Cross-Site Scripting (1.7.21) CVE-2011-4926 CWE-79 High

WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High

WordPress Plugin Adsense Extreme 'adsensextreme[lang]' Parameter Remote File Include (1.0.3) CWE-94 High

WordPress Plugin Advance Categorizer Cross-Site Scripting (0.3) CWE-79 High

WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2) CVE-2014-6059 CWE-95 High

WordPress Plugin Advanced Custom Fields 'acf_abspath' Parameter Remote File Include (3.5.1) CWE-94 High

WordPress Plugin Advanced Custom Fields Cross-Site Scripting (4.4.3) CWE-79 High

WordPress Plugin Advanced Dewplayer Directory Traversal (1.2) CVE-2013-7240 CWE-22 High

WordPress Plugin Advanced Text Widget 'page' Parameter Cross-Site Scripting (2.0.0) CVE-2011-4618 CWE-79 High

WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4) CWE-611 High

WordPress Plugin Advanced post slider Unspecified Vulnerability (2.4.0) High

WordPress Plugin Advertisement Management Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High

WordPress Plugin Advertizer 'id' Parameter SQL Injection (1.0) CWE-89 High

WordPress Plugin Aesop Story Engine Cross-Site Scripting (1.6) CWE-79 High

WordPress Plugin AffiliateWP SQL Injection (1.5.6) CWE-89 High

WordPress Plugin Age Verification 'redirect_to' Parameter URI Redirection (0.4) CVE-2012-6499 CWE-20 High

WordPress Plugin Ajax Calendar 'example.php' Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Ajax Category Dropdown Cross-Site Scripting and SQL Injection Vulnerabilities (0.1.5) CWE-79 CWE-89 High

WordPress Plugin Ajax Gallery 'list.php' SQL Injection (3.0) CWE-89 High

WordPress Plugin Ajax Load More Arbitrary File Upload (2.8.1.1) CWE-434 High

WordPress Plugin Ajax Multi Upload 'upload.php' Arbitrary File Upload (1.1) CWE-434 High

WordPress Plugin Ajax Pagination (twitter Style) Local File Inclusion (1.1) CVE-2014-2674 CWE-22 High

WordPress Plugin Ajax Search Lite Remote Command Execution (3.1) CWE-95 High

WordPress Plugin Ajax Search Lite Security Bypass (3.1) CWE-264 High

WordPress Plugin Ajax Search Pro Security Bypass (3.5) CWE-264 High

WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0) CWE-22 High

WordPress Plugin Ajax Store Locator SQL Injection (1.2.0) CWE-89 High

WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3) CVE-2014-7228 CWE-310 High

WordPress Plugin Akismet Cross-Site Scripting (3.1.4) CWE-79 High

WordPress Plugin Albo Pretorio On line Multiple Vulnerabilities (3.2) CWE-79 CWE-89 CWE-352 High

WordPress Plugin Alert Before Your Post Cross-Site Scripting (0.1.1) CVE-2011-5107 CWE-79 High

WordPress Plugin AlertWire Information Disclosure (1.1.1) CWE-200 High

WordPress Plugin All In One WP Security & Firewall Cross-Site Request Forgery (3.8.9) CVE-2015-0895 CWE-352 High

WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting (3.8.3) CWE-79 High

WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting (3.9.4) CWE-79 High

WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting (3.9.7) CWE-79 High

WordPress Plugin All In One WP Security & Firewall Multiple SQL Injection Vulnerabilities (3.8.2) CVE-2014-6242 CWE-89 High

WordPress Plugin All In One WP Security & Firewall SQL Injection (3.8.7) CVE-2015-0894 CWE-89 High

WordPress Plugin All In One WP Security & Firewall SQL Injection (3.9.0) CWE-89 High

WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1) CVE-2012-6653 CWE-89 High

WordPress Plugin All Video Gallery SQL Injection (1.2) CVE-2014-5186 CWE-89 High

WordPress Plugin All in One SEO Pack Cross-Site Scripting (2.0.3) CWE-79 High

WordPress Plugin All in One SEO Pack Cross-Site Scripting (2.2.2) CWE-79 High

WordPress Plugin All in One SEO Pack Cross-Site Scripting (2.2.6.1) CWE-79 High

WordPress Plugin All in One SEO Pack Information Disclosure (2.2.5.1) CVE-2015-0902 CWE-200 High

WordPress Plugin All in One SEO Pack Multiple Vulnerabilities (2.1.5) CWE-79 CWE-287 High

WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0) CWE-918 High

WordPress Plugin All in One Webmaster Cross-Site Request Forgery (8.2.3) CVE-2013-2696 CWE-352 High

WordPress Plugin All-in-One Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.5) CVE-2012-1835 CWE-79 High

WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.10-standard) CWE-79 CWE-89 High

WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.9) CWE-79 CWE-89 High

WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2) CVE-2014-8794 CWE-94 High

WordPress Plugin All-in-One WP Migration Security Bypass (2.0.4) CWE-264 High

WordPress Plugin AllWebMenus WordPress Menu 'abspath' Parameter Remote File Include (1.1.3) CVE-2011-3981 CWE-94 High

WordPress Plugin AllWebMenus WordPress Menu 'actions.php' Arbitrary File Upload (1.1.8) CVE-2012-1010 CVE-2012-1011 CWE-264 High

WordPress Plugin Allow PHP in Posts and Pages 'id' Parameter SQL Injection (2.0.0.RC1) CWE-89 High

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.6.5) CWE-79 High

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.4) CWE-79 High

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.5) CWE-79 High

WordPress Plugin Altos Connect Widget Cross-Site Scripting (1.3.0) CWE-79 High

WordPress Plugin Amazon Product in a Post SQL Injection (3.5.2) CWE-89 High

WordPress Plugin Animal Captcha Cross-Site Scripting (1.6.2) CWE-79 High

WordPress Plugin Annonces 'abspath' Parameter Remote File Include (1.2.0.0) CWE-94 High

WordPress Plugin Annonces 'theme.php' Arbitrary File Upload (1.2.0.1) CWE-434 High

WordPress Plugin Another WordPress Classifieds Arbitrary File Upload (3.3.2) CWE-434 High

WordPress Plugin Another WordPress Classifieds Cross-Site Scripting (3.3.1) CVE-2014-9313 CWE-79 High

WordPress Plugin Another WordPress Classifieds Multiple Vulnerabilities (2.2.1) CVE-2014-10012 CVE-2014-10013 CWE-79 CWE-89 High

WordPress Plugin Another WordPress Classifieds Unspecified Vulnerability (1.8.9.4) CVE-2012-4874 High

WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1) CWE-79 High

WordPress Plugin Anti Plagiarism Cross-Site Scripting (3.60) CWE-79 High

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.42) CWE-79 High

WordPress Plugin Anti-Malware and Brute-Force Security by ELI Cross-Site Scripting (1.2.05.20) CWE-79 High

WordPress Plugin Anti-Malware and Brute-Force Security by ELI Cross-Site Scripting (4.15.22) CWE-79 High

WordPress Plugin Anti-Malware and Brute-Force Security by ELI Multiple Cross-Site Scripting Vulnerabilities (4.15.17) CWE-79 High

WordPress Plugin Anti-Spam by CleanTalk-No Captcha, no comments & registrations spam Cross-Site Scripting (5.21) CWE-79 High

WordPress Plugin Anti-spam Cross-Site Scripting (4.1) CWE-79 High

WordPress Plugin AnyFont Cross-Site Scripting (2.2.3) CVE-2014-4515 CWE-79 High

WordPress Plugin AppPresser-Mobile App Framework Cross-Site Scripting (1.1.4) CWE-79 High

WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.24) CWE-79 CWE-89 CWE-264 High

WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.7) CVE-2015-7319 CVE-2015-7320 CWE-79 CWE-89 High

WordPress Plugin Appointment Booking Calendar SQL Injection (1.1.23) CWE-89 High

WordPress Plugin Appointments Scheduler Cross-Site Scripting (1.5) CVE-2014-4579 CWE-79 High

WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7) CVE-2014-100026 CWE-79 High

WordPress Plugin ArcadePress 'upload.php' Arbitrary File Upload (0.65) CWE-434 High

WordPress Plugin AskApache Firefox Adsense Cross-Site Request Forgery (3.0) CVE-2013-6992 CWE-352 High

WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0) CWE-22 High

WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0) CWE-22 High

WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0) CWE-22 High

WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0) CWE-22 High

WordPress Plugin Asset Manager 'upload.php' Arbitrary File Upload (0.3) CWE-434 High

WordPress Plugin Auction Cross-Site Request Forgery (1.0.0) CWE-352 High

WordPress Plugin Auctions 'upload.php' Arbitrary File Upload (2.0.1.3) CWE-434 High

WordPress Plugin Audio 'showfile' Parameter Cross-Site Scripting (0.5.1) CWE-79 High

WordPress Plugin Audio Player Cross-Site Scripting (2.0.4.5) CVE-2013-1464 CWE-79 High

WordPress Plugin Audit Trail Cross-Site Scripting (1.1.13) CWE-79 High

WordPress Plugin Author Manager Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High

WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0) CWE-264 High

WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4) CWE-89 High

WordPress Plugin Auto Attachments TimThumb Arbitrary File Upload (0.3) CVE-2011-4106 CWE-20 High

WordPress Plugin Auto ThickBox Plus Cross-Site Scripting (1.9) CWE-79 High

WordPress Plugin Automatic 'q' Parameter SQL Injection (2.0.3) CWE-89 High

WordPress Plugin Automatic Online Backup 'url' Parameter Cross-Site Scripting (0.8.2) CWE-79 High

WordPress Plugin Automattic Stats Referer Field HTML Injection (1.0) CWE-79 High

WordPress Plugin Avenir-soft Direct Download Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High

WordPress Plugin Image Editor Add-on For Gravity Forms Arbitrary File Upload (3.0) CVE-2015-4455 CWE-434 High

WordPress Plugin Awesome Filterable Portfolio Multiple SQL Injection Vulnerabilities (1.8.6) CWE-89 High

WordPress Plugin BIC Media Widget Cross-Site Scripting (1.0) CVE-2014-4516 CWE-79 High

WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5) CWE-94 High

WordPress Plugin BP Code Snippets Cross-Site Scripting (2.0) CVE-2013-1808 CWE-79 High

WordPress Plugin BP Group Documents Multiple Vulnerabilities (1.2.1) CWE-22 CWE-79 CWE-352 High

WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3) CWE-79 High

WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2) CVE-2014-4944 CWE-89 High

WordPress Plugin BackUpWordPress Remote File Inclusion (0.4.2b) CVE-2007-5800 CWE-94 High

WordPress Plugin BackWPup 'wp_export_generate.php' Local and Remote File Include Vulnerabilities (2.1.4) CWE-94 High

WordPress Plugin BackWPup Free Cross-Site Scripting (3.0.12) CVE-2013-4626 CWE-79 High

WordPress Plugin BackWPup Free Remote and Local Code Execution (1.6.1) CVE-2011-4342 CVE-2011-5208 CWE-22 CWE-94 High

WordPress Plugin BackWPup Free-WordPress Backup Multiple Local File Include Vulnerabilities (1.5.2) CWE-22 High

WordPress Plugin BackWPup Free-WordPress Backup Multiple Unspecified Vulnerabilities (3.2.1) High

WordPress Plugin Backend Localization Multiple Cross-Site Scripting Vulnerabilities (1.6.1) CWE-79 High

WordPress Plugin Background Music Cross-Site Scripting (1.0) CVE-2013-1942 CWE-79 High

WordPress Plugin Backup Database Backup Information Disclosure (2.0.1) CWE-538 High

WordPress Plugin Backup Guard Arbitrary File Upload (1.0.2) CWE-434 High

WordPress Plugin BackupBuddy Information Disclosure (2.2.28) CVE-2013-2743 CVE-2013-2744 CWE-200 High

WordPress Plugin Bad Behavior Multiple Cross-Site Scripting Vulnerabilities (2.2.4) CVE-2012-4271 CWE-79 High

WordPress Plugin Banner Effect Header Cross-Site Request Forgery (1.2.6) CVE-2015-0920 CWE-352 High

WordPress Plugin Banner Effect Header Cross-Site Scripting (1.2.7) CVE-2015-1384 CWE-79 High

WordPress Plugin BannerMan Cross-Site Scripting (0.2.4) CVE-2014-4845 CWE-79 High

WordPress Plugin Basic Google Maps Placemarks Cross-Site Scripting (1.10.2) CWE-79 High

WordPress Plugin Beaver Builder-WordPress Page Builder Security Bypass (1.7) CWE-264 High

WordPress Plugin Beer Recipes Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Better Search Replace Multiple Unspecified Vulnerabilities (1.0.3) High

WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2) CWE-538 High

WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Bilingual Linker Cross-Site Scripting (2.1.1) CWE-79 High

WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3) CVE-2014-9334 CWE-79 CWE-352 High

WordPress Plugin Blaze Slideshow 'upload.php' Arbitrary File Upload (2.4) CWE-434 High

WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time Cross-Site Scripting (0.8.4) CWE-79 High

WordPress Plugin Blogstand Banner Cross-Site Scripting (1.0) CVE-2014-4848 CWE-79 High

WordPress Plugin Bloom eMail Opt-In Security Bypass (1.1) CWE-264 High

WordPress Plugin Blubrry PowerPress Podcasting Cross-Site Scripting (6.0) CVE-2015-1385 CWE-79 High

WordPress Plugin Blubrry PowerPress Podcasting Cross-Site Scripting (6.0.4) CWE-79 High

WordPress Plugin Blubrry PowerPress Podcasting SQL Injection (6.0.2) CWE-89 High

WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5) CVE-2013-6797 CWE-352 High

WordPress Plugin BookX Local File Inclusion (1.7) CVE-2014-4937 CWE-22 High

WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.2) CWE-79 CWE-89 High

WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.23) CWE-79 CWE-89 High

WordPress Plugin Booking Calendar Cross-Site Request Forgery (4.1.5) CWE-352 High

WordPress Plugin Bookings Cross-Site Scripting (1.8.2) CWE-79 High

WordPress Plugin Bookmarkify Multiple Vulnerabilities (2.9.2) CWE-79 CWE-352 High

WordPress Plugin Bookshelf Cross-Site Scripting (2.0.4) CWE-79 High

WordPress Plugin Brandfolder-Digital Asset Management Simplified Local/Remote File Inclusion (3.0) CWE-98 High

WordPress Plugin Breezing Forms Cross-Site Scripting (1.2.7.33) CWE-79 High

WordPress Plugin Breezing Forms SQL Injection (1.2.7.30) CWE-89 High

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.1) CWE-79 High

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.4) CWE-79 High

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.5) CWE-79 High

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.8) CVE-2015-5057 CWE-79 High

WordPress Plugin Broken Link Checker Multiple Cross-Site Scripting Vulnerabilities (1.9.1) CWE-79 High

WordPress Plugin Broken Link Checker Unspecified Vulnerability (1.10.7) High

WordPress Plugin Broken Link Manager Cross-Site Scripting (0.5.5) CWE-79 High

WordPress Plugin Broken Link Manager Multiple Vulnerabilities (0.4.5) CWE-79 CWE-89 High

WordPress Plugin Browser Rejector Remote File Inclusion (2.10) CWE-94 High

WordPress Plugin Brute Force Login Protection Unspecified Vulnerability (1.5) High

WordPress Plugin Buckets Cross-Site Scripting (0.1.9.2) CVE-2013-1808 CWE-79 High

WordPress Plugin BuddyDrive Cross-Site Scripting (1.2.2) CWE-79 High

WordPress Plugin BuddyPress 'page' Parameter SQL Injection (1.5.4) CVE-2012-2109 CWE-89 High

WordPress Plugin BuddyPress Activity Plus Cross-Site Scripting (1.6.3) CWE-79 High

WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1) CWE-73 CWE-352 High

WordPress Plugin BuddyPress Cross-Site Scripting (2.2.2.1) CWE-79 High

WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1) CVE-2013-4944 CWE-79 High

WordPress Plugin BuddyPress Multiple SQL Injection Vulnerabilities (1.7.1) CWE-89 High

WordPress Plugin BuddyPress Multiple Vulnerabilities (1.9.1) CVE-2014-1888 CVE-2014-1889 CWE-79 CWE-264 High

WordPress Plugin BuddyPress PHP Object Injection (2.0.2) CWE-915 High

WordPress Plugin BuddyPress Security Bypass (2.3.4) CWE-264 High

WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2) CWE-79 High

WordPress Plugin Bulk Delete Privilege Escalation (5.5.3) CWE-264 High

WordPress Plugin Bulk Delete Users by Email Cross-Site Request Forgery (1.0) CWE-352 High

WordPress Plugin BulletProof Security Cross-Site CVE-2012-4268 CWE-79 High Scripting (.47)

WordPress Plugin BulletProof Security Cross-Site CWE-79 High Scripting (.50.9)

WordPress Plugin BulletProof Security Cross-Site CWE-79 High Scripting (.52.4)

WordPress Plugin BulletProof Security Multiple CVE-2013-3487 CWE-79 High Cross-Site Scripting Vulnerabilities (.48.9)

WordPress Plugin BulletProof Security Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (.53.2)

WordPress Plugin BulletProof Security Multiple Vulnerabilities (.51) CVE-2014-7958 CVE-2014-7959 CVE-2014-8749 CWE-79 CWE-89 CWE-918 High

WordPress Plugin CAC Featured Content CVE-2011-4106 CWE-20 High TimThumb Arbitrary File Upload (0.8)

WordPress Plugin CAPTCHA in Thai Multiple Cross- CWE-79 High Site Scripting Vulnerabilities (1.1)

WordPress Plugin CBI Referral Manager Cross-Site CVE-2014-4517 CWE-79 High Scripting (1.2.1)

WordPress Plugin CIP4 Folder Download Widget CWE-22 High Local File Inclusion (1.10)

WordPress Plugin CKEditor for WordPress Cross- CWE-79 High Site Scripting (4.5.3)

WordPress Plugin CM Ad Changer Multiple Cross- CWE-79 High Site Scripting Vulnerabilities (1.7.2)

WordPress Plugin CM Download Manager Code CVE-2014-8877 CWE-95 High Injection (2.0.3)

WordPress Plugin CM Download Manager Multiple Vulnerabilities (2.0.6) CVE-2014-9129 CWE-79 CWE-352 High

WordPress Plugin CM Tooltip Glossary Cross-Site CWE-79 High Scripting (3.3.4)

WordPress Plugin CMS Tree Page View CVE-2012-1834 CWE-79 High 'cms_tpv_view' Parameter Cross-Site Scripting (0.8.8)

WordPress Plugin CMS Tree Page View Cross-Site CWE-352 High Request Forgery (1.2.4)

WordPress Plugin CMS Tree Page View Cross-Site CWE-79 High Scripting (1.2.31)

WordPress Plugin CONTUS VBLOG-Video Blogging CWE-434 High 'save.php' Arbitrary File Upload (1.0)

WordPress Plugin CP Contact Form with Paypal Multiple Vulnerabilities (1.1.5) CWE-79 CWE-89 CWE-352 High

WordPress Plugin CP Image Store with Slideshow CWE-22 High Arbitrary File Download (1.0.5)

WordPress Plugin CP Multi View Event Calendar CWE-89 High Multiple SQL Injection Vulnerabilities (1.1.7)

WordPress Plugin CP Multi View Event Calendar Multiple Vulnerabilities (1.1.4) CWE-79 CWE-89 High

WordPress Plugin CP Multi View Event Calendar CVE-2014-8586 CWE-89 High SQL Injection (1.01)

WordPress Plugin CP Polls Multiple Vulnerabilities (1.0.8) CWE-79 CWE-352 High

WordPress Plugin CP Reservation Calendar SQL CVE-2015-7235 CWE-89 High Injection (1.1.6)

WordPress Plugin CSS Plus Multiple Unspecified High Vulnerabilities (1.3.1)

WordPress Plugin CSV Import Cross-Site Scripting CWE-79 High (1.0)

WordPress Plugin CSV Importer Multiple High Unspecified Vulnerabilities (0.3.7)

WordPress Plugin Calculated Fields Form Cross-Site CWE-79 High Scripting (1.0.81)

WordPress Plugin Calculated Fields Form Multiple CWE-89 High SQL Injection Vulnerabilities (1.0.10)

WordPress Plugin Calendar Cross-Site Request CVE-2013-2698 CWE-352 High Forgery (1.3.2)

WordPress Plugin Calendar Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.2.1)

WordPress Plugin Candidate Application Form CWE-22 High Arbitrary File Download (1.0)

WordPress Plugin Captain Slider Cross-Site CWE-79 High Scripting (1.0.6)

WordPress Plugin Captcha by BestWebSoft Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (4.0.2)

WordPress Plugin Captcha by BestWebSoft Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (4.1.5)

WordPress Plugin Captcha by BestWebSoft SQL CWE-89 High Injection (4.1.4)

WordPress Plugin Captcha by BestWebSoft SQL CWE-89 High Injection (4.1.7)

WordPress Plugin Captcha by BestWebSoft Security CWE-284 High Bypass (3.8.7)

WordPress Plugin Captcha by BestWebSoft Security CVE-2014-9283 CWE-254 High Bypass (4.0.6)

WordPress Plugin Car Demon Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.0.1)

WordPress Plugin Car Rental System SQL Injection CWE-89 High (3.0)

WordPress Plugin Carousel slideshow CVE-2012-3414 CWE-79 High 'swfupload.swf' Cross-Site Scripting (3.10)

WordPress Plugin Carousel slideshow 'upload.php' CWE-434 High Arbitrary File Upload (3.9)

WordPress Plugin Cart66 Lite::WordPress CWE-79 High Ecommerce Cross-Site Scripting (1.5.4)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.1.14) CVE-2013-5977 CVE-2013-5978 CWE-79 CWE-352 High

WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3) CVE-2014-9442 CWE-89 CWE-264 High

WordPress Plugin Cart66 Lite::WordPress CVE-2014-9305 CWE-89 High Ecommerce SQL Injection (1.5.1.17)

WordPress Plugin Cart66 Pro Arbitrary File CVE-2014-9461 CWE-22 High Disclosure (1.5.3)

WordPress Plugin CataBlog 'category' Parameter CWE-79 High Cross-Site Scripting (1.6.2)

WordPress Plugin Category Grid View Gallery CVE-2013-4117 CWE-79 High Cross-Site Scripting (2.3.3)

WordPress Plugin Category Grid View Gallery CVE-2011-4106 CWE-20 High TimThumb Arbitrary File Upload (0.1.1)

WordPress Plugin Category List Portfolio Page CVE-2011-4106 CWE-20 High TimThumb Arbitrary File Upload (1.2.3)

WordPress Plugin Category Order and Taxonomy CWE-79 High Terms Order Cross-Site Scripting (1.4.6)

WordPress Plugin Category and Page Icons Multiple Vulnerabilities (0.9.1) CWE-73 CWE-434 High

WordPress Plugin Ceceppa Multilingua Unspecified High Vulnerability (1.5.3)

WordPress Plugin CevherShare 'cevhershare- CWE-89 High admin.php' SQL Injection (2.0)

WordPress Plugin Chat Cross-Site Scripting (1.0.8) CWE-79 High

WordPress Plugin ChenPress Arbitrary File Upload CWE-434 High (3.0)

WordPress Plugin Chief Editor Multiple Vulnerabilities (3.7.1) CWE-79 CWE-352 High

WordPress Plugin Child Theme Configurator CWE-538 High Arbitrary File Disclosure (1.7.4)

WordPress Plugin Child Theme Creator by Orbisius CWE-88 High Arbitrary File Modification (1.2.6)

WordPress Plugin Cimy Counter HTTP Response Splitting and Cross-Site Scripting Vulnerabilities (0.9.4) CWE-79 CWE-113 High

WordPress Plugin Cimy User Extra Fields Arbitrary CWE-434 High File Upload (2.3.7)

WordPress Plugin Cimy User Extra Fields Denial of CWE-400 High Service (2.6.3)

WordPress Plugin Cimy User Manager CWE-22 High 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)

WordPress Plugin Citizen Space Cross-Site Scripting CWE-79 High (1.0)

WordPress Plugin Citizen Space Cross-Site Scripting CWE-79 High (1.1)

WordPress Plugin Claptastic Clap! Button Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (1.3)

WordPress Plugin Cleeng-Sell your videos Cross- CVE-2013-1808 CWE-79 High Site Scripting (2.3.2)

WordPress Plugin Click to Copy Grab Box Multiple CVE-2013-1808 CWE-79 High Cross-Site Scripting Vulnerabilities (0.1.1)

WordPress Plugin ClickBank Affiliate Ads Multiple Vulnerabilities (1.7) CWE-79 CWE-352 High

WordPress Plugin ClickDesk Live Support-Live Chat- CVE-2011-5181 CWE-79 High Help Desk 'cdwidgetid' Parameter Cross-Site Scripting (2.0)

WordPress Plugin ClickDesk Live Support-Live Chat- CWE-79 High Help Desk Cross-Site Scripting (4.2)

WordPress Plugin ClickSold IDX Cross-Site Scripting CWE-79 High (1.48)

WordPress Plugin Clik stats Open Redirect (0.8) CWE-601 High

WordPress Plugin Clipta Video Informer Cross-Site CWE-79 High Scripting (1.0)

WordPress Plugin CloudFlare Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.3.20)

WordPress Plugin CloudFlare Multiple Unspecified High Vulnerabilities (1.1.6)

WordPress Plugin Cms Pack TimThumb Arbitrary CVE-2011-4106 CWE-20 High File Upload (1.3)

WordPress Plugin Code Embed 'suffix' Parameter CWE-79 High Cross-Site Scripting (2.0.1)

WordPress Plugin Code Insert Manager (Q2W3 Inc CVE-2013-1808 CWE-79 High Manager) ZeroClipboard Cross-Site Scripting (2.3.1)

WordPress Plugin CodeArt-Google MP3 Player CWE-538 High Arbitrary File Disclosure (1.0.11)

WordPress Plugin Codestyling Localization 'name' CWE-79 High Parameter Cross-Site Scripting (1.99.19)

WordPress Plugin Codestyling Localization Multiple Vulnerabilities (1.99.30) CVE-2015-4179 CWE-79 CWE-95 CWE-352 High

WordPress Plugin Collapse-O-Matic Cross-Site CWE-79 High Scripting (1.6.8)

WordPress Plugin Collision Testimonials CWE-89 High 'admin.php' SQL Injection (3.0)

WordPress Plugin ComicPress Manager 'lang' Parameter Cross-Site Scripting (1.4.9.9) CWE-79 High

WordPress Plugin Coming Soon/Maintenance CWE-352 High mode Ready! Cross-Site Request Forgery (0.5.0)

WordPress Plugin Comment Attachment Cross-Site CVE-2013-6010 CWE-79 High Scripting (1.5.5)

WordPress Plugin Comment Extra Fields 'cef- CWE-434 High upload.php' Arbitrary File Upload (1.7)

WordPress Plugin Comment Extra Fields Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (1.7)

WordPress Plugin Comment Rating 'id' Parameter CWE-89 High SQL Injection (2.9.23)

WordPress Plugin Comment Rating 'path' CWE-79 High Parameter Cross-Site Scripting (2.9.20)

WordPress Plugin Comment Rating Cross-Site CWE-352 High Request Forgery (2.9.20)

WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32) CWE-89 CWE-264 High

WordPress Plugin CommentLuv Cross-Site Scripting CVE-2013-1409 CWE-79 High (2.92.3)

WordPress Plugin Commentator Cross-Site CWE-79 High Scripting (2.5.2)

WordPress Plugin Community Events 'id' Parameter CWE-89 High SQL Injection (1.2.2)

WordPress Plugin Community Events SQL Injection CVE-2015-3313 CWE-89 High (1.3.5)

WordPress Plugin Compfight Cross-Site Scripting CVE-2014-5202 CVE-2014-8622 CWE-79 High (1.4)

WordPress Plugin Complete Gallery Manager for CVE-2013-5962 CWE-434 High WordPress Arbitrary File Upload (3.3.3)

WordPress Plugin Conduit Banner 'banner-index- CWE-79 High field-id' Parameter Cross-Site Scripting (0.2)

WordPress Plugin Connections Business Directory CVE-2016-0770 CWE-79 High Cross-Site Scripting (8.5.8)

WordPress Plugin Connections Business Directory CVE-2011-5254 High Unspecified Vulnerability (0.7.1.5)

WordPress Plugin Constant Contact for WordPress CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (3.1.7)

WordPress Plugin Constant Contact for WordPress High Unspecified Vulnerability (3.1.6)

WordPress Plugin Contact Bank-Contact Forms CWE-79 High Builder Cross-Site Scripting (2.0.225)

WordPress Plugin Contact Bank-Contact Forms CWE-79 High Builder Cross-Site Scripting (2.0.226)

WordPress Plugin Contact Form CWE-89 High 'wpcf_easyform_formid' Parameter SQL Injection (2.7.5)

WordPress Plugin Contact Form 7 Arbitrary File CWE-434 High Upload (3.5.2)

WordPress Plugin Contact Form 7 Arbitrary File CWE-434 High Upload (3.5.3)

WordPress Plugin Contact Form 7 Cross-Site CWE-79 High Scripting (4.0.1)

WordPress Plugin Contact Form 7 Integrations CVE-2014-6445 CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (1.3.10)

WordPress Plugin Contact Form 7 Security Bypass CVE-2014-2265 CWE-264 High (3.7.1)

WordPress Plugin Contact Form 7 Security Bypass CWE-330 High (4.1)

WordPress Plugin Contact Form Builder Multiple CWE-89 High SQL Injection Vulnerabilities (1.0.24)

WordPress Plugin Contact Form Builder Security CWE-264 High Bypass (1.0.7)

WordPress Plugin Contact Form Clean and Simple CVE-2014-8955 CWE-79 High Cross-Site Scripting (4.4.0)

WordPress Plugin Contact Form DB Cross-Site CVE-2015-1874 CWE-352 High Request Forgery (2.8.31)

WordPress Plugin Contact Form DB Cross-Site CWE-79 High Scripting (2.8.19)

WordPress Plugin Contact Form DB Cross-Site CVE-2015-2040 CWE-79 High Scripting (2.8.27)

WordPress Plugin Contact Form DB Multiple Cross- CVE-2014-7139 CWE-79 High Site Scripting Vulnerabilities (2.8.15)

WordPress Plugin Contact Form Generator Multiple CVE-2015-6965 CWE-352 High Cross-Site Request Forgery Vulnerabilities (2.0.1)

WordPress Plugin Contact Form Integrated With CVE-2014-7238 CWE-79 High Google Maps Cross-Site Scripting (2.4)

WordPress Plugin Contact Form Maker Cross-Site CVE-2014-8796 CWE-79 High Scripting (1.7.18)

WordPress Plugin Contact Form Maker SQL CWE-89 High Injection (1.7.30)

WordPress Plugin Contact Form Maker Security CWE-264 High Bypass (1.7.14)

WordPress Plugin Contact Form Manager Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (1.4.1)

WordPress Plugin Contact Form Unspecified High Vulnerability (1.2)

WordPress Plugin Contact Form by BestWebSoft CWE-352 High Cross-Site Request Forgery (3.82)

WordPress Plugin Contact Form by BestWebSoft CWE-79 High Cross-Site Scripting (3.34)

WordPress Plugin Contact Form by BestWebSoft CWE-79 High Cross-Site Scripting (3.51)

WordPress Plugin Contact Form by BestWebSoft CWE-79 High Cross-Site Scripting (3.81)

WordPress Plugin Contact Form by BestWebSoft CWE-79 High Cross-Site Scripting (3.95)

WordPress Plugin Contact Form by BestWebSoft CWE-88 High Email Header Injection (3.83)

WordPress Plugin Contact Form by ContactMe.com CVE-2014-4518 CWE-79 High Cross-Site Scripting (2.3)

WordPress Plugin Contact Form to DB by CWE-79 High BestWebSoft Cross-Site Scripting (1.4.0)

WordPress Plugin Contact Form to Email Cross-Site CVE-2014-8798 CWE-79 High Scripting (1.0)

WordPress Plugin Contact Form to Email Multiple Vulnerabilities (1.1.4) CWE-79 CWE-352 High

WordPress Plugin Content Audit Blind SQL Injection CVE-2014-5389 CWE-89 High (1.6)

WordPress Plugin Content Grabber Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High

WordPress Plugin Content text slider on post CWE-79 High Cross-Site Scripting (6.8)

WordPress Plugin Contentboxes Cross-Site CWE-79 High Scripting (1.1)

WordPress Plugin Contextual Related Posts Cross- CVE-2013-2710 CWE-352 High Site Request Forgery (1.8.6)

WordPress Plugin Contus HD FLV Player 'process- CWE-89 High sortable.php' SQL Injection (1.3)

WordPress Plugin Contus HD FLV Player CWE-434 High 'uploadVideo.php' Arbitrary File Upload (1.7)

WordPress Plugin Conversador Cross-Site Scripting CVE-2014-4519 CWE-79 High (2.61)

WordPress Plugin Cool Video Gallery Command CVE-2015-7527 CWE-94 High Injection (1.9)

WordPress Plugin Cool Video Gallery Cross-Site CWE-352 High Request Forgery (1.8)

WordPress Plugin Copperleaf Photolog CVE-2010-0673 CWE-89 High 'cplphoto.php' SQL Injection (0.16)

WordPress Plugin Copy or Move Comments Multiple Vulnerabilities (1.0.0) CWE-79 CWE-352 High

WordPress Plugin CopySafe PDF Protection CWE-434 High Arbitrary File Upload (0.6)

WordPress Plugin Count per Day 'month' CWE-89 High Parameter SQL Injection (2.17)

WordPress Plugin Count per Day 'notes.php' Cross- CWE-79 High Site Scripting (3.2.3)

WordPress Plugin Count per Day 'userperspan.php' CVE-2012-3434 CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) CVE-2012-0896 CWE-22 CWE-79 High

WordPress Plugin Count per Day Cross-Site CWE-352 High Request Forgery (3.2.5)

WordPress Plugin Count per Day Information CWE-200 High Disclosure (3.2.5)

WordPress Plugin Count per Day SQL Injection (3.4) CVE-2015-5533 CWE-89 High

WordPress Plugin Count per Day Search Bar Cross- CWE-79 High Site Scripting (3.2.2)

WordPress Plugin Coupon Tab for DirectoryPress CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (0.2.0)

WordPress Plugin Couponer 'print-coupon.php' CWE-89 High SQL Injection (1.2)

WordPress Plugin Crayon Syntax Highlighter CWE-94 High 'wp_load' Parameter Remote File Include (1.12.1)

WordPress Plugin Crayon Syntax Highlighter Local CWE-22 High File Disclosure (2.6.10)

WordPress Plugin Crayon Syntax Highlighter CWE-264 High Security Bypass (2.6.10)

WordPress Plugin Crazy Bone Cross-Site Scripting CWE-79 High (0.5.6)

WordPress Plugin Creative Contact Form-The Best CVE-2014-7969 CWE-94 High WordPress Contact Form Builder Arbitrary File Upload (0.9.7)

WordPress Plugin Crony Cronjob Manager Multiple Vulnerabilities (0.4.4) CWE-79 CWE-352 High

WordPress Plugin Cross-RSS Directory Traversal CVE-2014-4941 CWE-22 High (1.7)

WordPress Plugin CrossSlide jQuery Multiple Vulnerabilities (2.0.5) CVE-2015-2089 CWE-79 CWE-352 High

WordPress Plugin Csv2WPeC Coupon Arbitrary File CWE-434 High Upload (1.1)

WordPress Plugin Custom Background CWE-434 High 'uploadify.php' Arbitrary File Upload (1.01)

WordPress Plugin Custom Banners Cross-Site CVE-2014-4724 CWE-79 High Scripting (1.2.2.2)

WordPress Plugin Custom Contact Forms Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (5.0.0.1)

WordPress Plugin Custom Contact Forms Security CWE-264 High Bypass (5.1.0.3)

WordPress Plugin Custom Content Type Manager CWE-434 High 'upload_form.php' Arbitrary File Upload (0.9.5.13)

WordPress Plugin Custom Content Type Manager CWE-95 High Backdoor (0.9.8.8)

WordPress Plugin Custom Content Type Manager CVE-2015-3173 CWE-94 High Remote Code Execution (0.9.8.5)

WordPress Plugin Custom Field Suite Security CWE-264 High Bypass (2.4)

WordPress Plugin Custom Login Cross-Site CWE-79 High Scripting (3.2)

WordPress Plugin Custom Metas Cross-Site CWE-79 High Scripting (1.5.1)

WordPress Plugin Custom Permalinks Unspecified High Vulnerability (0.7.15)

WordPress Plugin Custom Post Type UI 'wp-admin/ CWE-79 High admin.php' Cross-Site Scripting (0.7)

WordPress Plugin Custom Post Type UI Cross-Site CWE-79 High Scripting (1.0.6)

WordPress Plugin Custom Post Type UI Cross-Site CWE-79 High Scripting (1.1.1)

WordPress Plugin Custom Sidebars Cross-Site CWE-79 High Scripting (2.1.0.1)

WordPress Plugin Custom Tables 'key' Parameter CWE-79 High Cross-Site Scripting (3.4.4)

WordPress Plugin Custom Data Cross-Site CWE-352 High Request Forgery (1.2)

WordPress Plugin Custom Website Data Cross-Site CWE-79 High Scripting (1.0)

WordPress Plugin Customize Youtube Videos Multiple Vulnerabilities (0.2) CWE-79 CWE-352 High

WordPress Plugin DB Backup Directory Traversal CVE-2014-9119 CWE-22 High (4.5)

WordPress Plugin DB Toolkit 'uploadify.php' CWE-434 High Arbitrary File Upload (0.1.10)

WordPress Plugin DM Albums 'album.php' Remote CVE-2009-2396 CWE-94 High File Inclusion (1.9.2)

WordPress Plugin DM Albums File Disclosure (1.9.2) CWE-22 High

WordPress Plugin DM Albums Multiple File Deletion CWE-22 High Vulnerabilities (2.1)

WordPress Plugin DMCA WaterMarker Cross-Site CVE-2014-4520 CWE-79 High Scripting (1.0)

WordPress Plugin DMSGuestbook File CWE-99 High Manipulation (1.17.4)

WordPress Plugin DMSGuestbook Multiple Remote Vulnerabilities (1.8.0) CVE-2008-0615 CVE-2008-0616 CVE-2008-0617 CVE-2008-0618 CWE-22 CWE-79 CWE-89 High

WordPress Plugin DP Maintenance Mode Lite CWE-79 High Cross-Site Scripting (1.3.2)

WordPress Plugin DP Thumbnail TimThumb CVE-2011-4106 CWE-20 High Arbitrary File Upload (1.0)

WordPress Plugin DVS Custom Notification Multiple CVE-2012-4921 CWE-352 High Cross-Site Request Forgery Vulnerabilities (1.0.1)

WordPress Plugin DW Question & Answer Cross- CWE-79 High Site Scripting (1.4.2.2)

WordPress Plugin DW Question & Answer Security CWE-264 High Bypass (1.2.9)

WordPress Plugin DX-Contribute Cross-Site CWE-352 High Request Forgery (1.2.0)

WordPress Plugin DZS Video Gallery Information CWE-200 High Disclosure (3.1.3)

WordPress Plugin DZS Video Gallery Multiple Cross- CVE-2014-3923 CVE-2014-9094 CWE-79 High Site Scripting Vulnerabilities (All)

WordPress Plugin Daily Inspiration Generator CWE-79 High Cross-Site Scripting (2.0)

WordPress Plugin Daily Inspiration Generator Open CWE-601 High Redirect (2.0)

WordPress Plugin Daily Maui Photo Widget Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (0.2)

WordPress Plugin DandyID Services Cross-Site CVE-2014-9335 CWE-352 High Request Forgery (1.5.9)

WordPress Plugin Database Sync Cross-Site CWE-79 High Scripting (0.4)

WordPress Plugin Dean's FCKEditor with pwwang's CWE-20 High code Arbitrary File Upload (1.0.0)

WordPress Plugin Dean's Permalinks Migration CVE-2008-0508 CWE-352 High Cross-Site Request Forgery (1.0)

WordPress Plugin Debug Bar Unspecified High Vulnerability (0.8)

WordPress Plugin Defa Online Image Protector CWE-79 High Cross-Site Scripting (3.3)

WordPress Plugin Default Facebook Thumbnails Multiple Vulnerabilities (0.4) CWE-79 CWE-352 High

WordPress Plugin Delete All Comments Cross-Site CWE-352 High Request Forgery (1.0)

WordPress Plugin Design Approval System Cross- CVE-2013-5711 CWE-79 High Site Scripting (3.6)

WordPress Plugin Developer Formatter Cross-Site CWE-352 High Request Forgery (2012.0.1.39)

WordPress Plugin Dexs PM System Cross-Site CWE-79 High Scripting (1.0.1)

WordPress Plugin Dharma booking Local/Remote CWE-98 High File Inclusion (2.38.3)

WordPress Plugin Digg Digg Cross-Site Request CVE-2013-3258 CWE-352 High Forgery (5.3.4)

WordPress Plugin Disable Comments Cross-Site CVE-2014-2550 CWE-352 High Request Forgery (1.0.3)

WordPress Plugin Disable Comments Cross-Site CWE-79 High Scripting (1.3)

WordPress Plugin Disable Feeds Unspecified High Vulnerability (1.4)

WordPress Plugin Disclosure Policy 'abspath' CWE-94 High Parameter Remote File Include (1.0)

WordPress Plugin Display Posts Shortcode High Unspecified Vulnerability (1.9)

WordPress Plugin Display Widgets Cross-Site CWE-79 High Scripting (2.03)

WordPress Plugin Display posts in grid layout CWE-79 High without coding-Content Views Cross-Site Scripting (1.6.1)

WordPress Plugin Disqus Comment System Cross- CWE-79 High Site Scripting (2.68)

WordPress Plugin Disqus Comment System CVE-2014-5346 CWE-352 High Multiple Cross-Site Request Forgery Vulnerabilities (2.77)

WordPress Plugin Disqus Comment System Multiple Vulnerabilities (2.75) CVE-2014-5345 CVE-2014-5347 CWE-79 CWE-95 CWE-352 High

WordPress Plugin Ditty News Ticker Unspecified High Vulnerability (1.5.1)

WordPress Plugin Divi Builder Security Bypass CWE-264 High (1.2.3)

WordPress Plugin Donate by BestWebSoft Cross- CWE-79 High Site Scripting (2.0.1)

WordPress Plugin Donation with Goals and Paypal CWE-89 High IPN by NonprofitCMS.org 'exporttocsv.php' SQL Injection (1.0)

WordPress Plugin Double Opt-In for Download SQL CVE-2015-7517 CWE-89 High Injection (2.0.8)

WordPress Plugin Download Monitor 'dlsearch' CVE-2012-4768 CWE-79 High Parameter Cross-Site Scripting (3.3.5.8)

WordPress Plugin Download Monitor Cross-Site CWE-79 High Scripting (1.7.0)

WordPress Plugin Download Monitor Cross-Site CVE-2013-3262 CVE-2013-5098 CWE-79 High Scripting (3.3.6.1)

WordPress Plugin Download Monitor Information CWE-538 High Disclosure (1.6.3)

WordPress Plugin Download Shortcode Arbitrary CWE-22 High File Disclosure (0.1)

WordPress Plugin Download Shortcode Local File CVE-2014-5465 CWE-22 High Inclusion (0.2.3)

WordPress Plugin Download Zip Attachments CVE-2015-4704 CWE-22 High Arbitrary File Download (1.0.0)

WordPress Plugin Downloads Manager CVE-2008-3362 CWE-20 High 'upload.php' Arbitrary File Upload (0.2)

WordPress Plugin Drag & Drop File Uploader 'dnd- CWE-434 High upload.php' Arbitrary File Upload (0.1)

WordPress Plugin Dropdown Menu Widget Cross- CVE-2013-2704 CWE-352 High Site Request Forgery (1.9.1)

WordPress Plugin DukaPress Directory Traversal CVE-2014-8799 CWE-22 High (2.5.2)

WordPress Plugin DukaPress Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (2.5.9)

WordPress Plugin DukaPress SQL Injection (2.5.9) CWE-89 High

WordPress Plugin DukaPress TimThumb Arbitrary CVE-2011-4106 CWE-20 High File Upload (2.3.2)

WordPress Plugin Duo Two-Factor Authentication CWE-592 High Security Bypass (1.8.1)

WordPress Plugin Duplicate Post Multiple Vulnerabilities (2.4.1) CWE-79 CWE-89 High

WordPress Plugin Duplicate Theme Unspecified High Vulnerability (0.1.4)

WordPress Plugin Duplicator Arbitrary File CWE-22 High Disclosure (0.3.0)

WordPress Plugin Duplicator Cross-Site Request CWE-352 High Forgery (1.1.2)

WordPress Plugin Duplicator Cross-Site Scripting CVE-2013-4625 CWE-79 High (0.4.4)

WordPress Plugin Duplicator Cross-Site Scripting CWE-79 High (0.5.26)

WordPress Plugin Duplicator SQL Injection (0.5.14) CWE-89 High

WordPress Plugin Duplicator Security Bypass (0.5.8) CVE-2014-9262 CWE-264 High

WordPress Plugin Dynamic Widgets 'id' Parameter CWE-79 High Cross-Site Scripting (1.5.1)

WordPress Plugin Dynamic Widgets Multiple Cross- CWE-79 High Site Scripting Vulnerabilities (1.5.10)

WordPress Plugin Dynamic Widgets Multiple High Unspecified Vulnerabilities (1.5.7)

WordPress Plugin E-Search Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.0)

WordPress Plugin EDD Favorites Cross-Site CWE-79 High Scripting (1.0.6)

WordPress Plugin EELV Newsletter Cross-Site CWE-79 High Scripting (3.3.0)

WordPress Plugin EMC2 Custom Help Videos Cross- CWE-79 High Site Scripting (1.2)

WordPress Plugin ENL Newsletter SQL Injection CVE-2014-4939 CWE-89 High (1.0.1)

WordPress Plugin EWWW Image Optimizer Cloud CWE-79 High Cross-Site Scripting (2.0.1)

WordPress Plugin EWWW Image Optimizer Cross- CVE-2014-6243 CWE-79 High Site Scripting (2.0.1)

WordPress Plugin EZ Google Analytics Cross-Site CWE-79 High Scripting (4.1.06)

WordPress Plugin EZ Portfolio Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.0.1)

WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup Multiple Vulnerabilities (4.11.33) CWE-22 CWE-94 High

WordPress Plugin EZP Coming Soon Page Cross- CWE-79 High Site Scripting (1.0.0)

WordPress Plugin EZPZ One Click Backup 'mail' CWE-79 High Parameter Cross-Site Scripting (12.03.10)

WordPress Plugin EZPZ One Click Backup Remote CVE-2014-3114 CWE-78 High Code Execution (12.03.10)

WordPress Plugin Easing Slider Multiple Cross-Site CVE-2015-1436 CWE-79 High Scripting Vulnerabilities (2.2.0.6)

WordPress Plugin Easy Author Image Information CWE-200 High Disclosure (1.5)

WordPress Plugin Easy Banners Cross-Site Scripting CVE-2014-4723 CWE-79 High (1.4)

WordPress Plugin Easy Career Openings Cross-Site CVE-2014-4523 CWE-79 High Scripting (0.4)

WordPress Plugin Easy Coming Soon Cross-Site CWE-79 High Scripting (1.6.2)

WordPress Plugin Easy Coming Soon Cross-Site CWE-79 High Scripting (1.8.1)

WordPress Plugin Easy Comment Uploads CWE-434 High 'upload.php' Arbitrary File Upload (0.61)

WordPress Plugin Easy Contact Form Builder Cross- CWE-79 High Site Scripting (1.0)

WordPress Plugin Easy Contact Form Lite CWE-89 High 'sort_row.request.php' SQL Injection (1.0.7)

WordPress Plugin Easy Contact Form Solution CVE-2014-7240 CWE-79 High Cross-Site Scripting (1.6)

WordPress Plugin Easy Contact Forms Export 'file' CWE-22 High Parameter Information Disclosure (1.1.0)

WordPress Plugin Easy Digital Downloads Attach CWE-79 High Accounts to Orders Cross-Site Scripting (2.0.1)

WordPress Plugin Easy Digital Downloads Cross- CWE-79 High Site Scripting (2.3.6)

WordPress Plugin Easy Digital Downloads Multiple CWE-264 High Security Bypass Vulnerabilities (2.1.10)

WordPress Plugin Easy Digital Downloads QR Code CWE-79 High Cross-Site Scripting (1.1.0)

WordPress Plugin Easy Digital Downloads High Unspecified Vulnerability (2.4.9)

WordPress Plugin Easy Digital Downloads-htaccess CWE-79 High Editor Cross-Site Scripting (1.0.0)

WordPress Plugin Easy FancyBox Unspecified High Vulnerability (1.3.4.9)

WordPress Plugin Easy Forms for MailChimp High Unspecified Vulnerability (6.0.3.2)

WordPress Plugin Easy Google Fonts Cross-Site CWE-79 High Scripting (1.3.6)

WordPress Plugin Easy Image Gallery Cross-Site CWE-79 High Scripting (1.1.1)

WordPress Plugin Easy MailChimp Forms Cross-Site CVE-2014-7152 CWE-79 High Scripting (5.0.6)

WordPress Plugin Easy Plugin for AdSense Cross- CVE-2013-2702 CWE-352 High Site Request Forgery (6.06)

WordPress Plugin Easy Property Listings High Unspecified Vulnerability (2.0)

WordPress Plugin Easy Social Icons Multiple Vulnerabilities (1.2.2) CVE-2015-2084 CWE-79 CWE-352 High

WordPress Plugin Easy Social Icons Multiple Vulnerabilities (1.2.3.1) CWE-79 CWE-89 High

WordPress Plugin Easy Social Share Buttons for CWE-79 High WordPress Multiple Cross-Site Scripting Vulnerabilities (3.4.1)

WordPress Plugin Easy Cross-Site Scripting CWE-79 High (1.5.2)

WordPress Plugin Easy2Map Multiple SQL Injection CVE-2015-4614 CVE-2015-4616 CWE-89 High Vulnerabilities (1.2.4)

WordPress Plugin Easy2Map Multiple Vulnerabilities (1.2.9) CVE-2015-7668 CVE-2015-7669 CWE-22 CWE-79 High

WordPress Plugin Easy2Map Photos Multiple Vulnerabilities (1.0.9) CVE-2015-4615 CVE-2015-4617 CWE-22 CWE-89 High

WordPress Plugin Sign Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.1)

WordPress Plugin Edit Author Slug Cross-Site CWE-79 High Scripting (1.0.5.1)

WordPress Plugin EditorMonkey Remote File CWE-20 High Upload (2.5)

WordPress Plugin Editorial Calendar Multiple Vulnerabilities (2.6) CWE-79 CWE-89 CWE-264 High

WordPress Plugin Efence Multiple Cross-Site CVE-2014-4526 CWE-79 High Scripting Vulnerabilities (1.3.2)

WordPress Plugin Email Encoder Bundle-Protect CWE-79 High Email Address Cross-Site Scripting (1.4.1)

WordPress Plugin Email Encoder Bundle-Protect CWE-79 High Email Address Multiple Cross-Site Scripting Vulnerabilities (1.4.3)

WordPress Plugin Email Queue by BestWebSoft CWE-352 High Cross-Site Request Forgery (1.0.0)

WordPress Plugin Email Subscribers Multiple Vulnerabilities (2.9) CWE-79 CWE-89 High

WordPress Plugin Email Users Cross-Site Scripting CWE-79 High (4.7.5)

WordPress Plugin Email newsletter 'option' CWE-200 High Parameter Information Disclosure (8.0)

WordPress Plugin Email newsletter Cross-Site CWE-79 High Scripting (20.13.6)

WordPress Plugin Embed Articles Multiple Vulnerabilities (7.0.3) CWE-79 CWE-352 High

WordPress Plugin Embedded Video 'lembedded- CVE-2010-4277 CWE-79 High video.php' Cross-Site Scripting (4.1)

WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3) CWE-89 CWE-434 High

WordPress Plugin Encrypted Blog Multiple Vulnerabilities (0.0.6.2) CWE-79 CWE-601 High

WordPress Plugin Encrypted Contact Form Multiple Vulnerabilities (1.0.4) CVE-2015-4010 CWE-79 CWE-352 High

WordPress Plugin EnvialoSimple:Email Marketing y CVE-2014-4527 CWE-79 High Newsletters Multiple Cross-Site Scripting Vulnerabilities (1.97)

WordPress Plugin Erident Custom Login and CWE-352 High Dashboard Cross-Site Request Forgery (3.4.1)

WordPress Plugin Eshop Magic Arbitrary File CWE-22 High Disclosure (0.1)

WordPress Plugin Evarisk 'ajax.php' SQL Injection CWE-89 High (5.1.3.6)

WordPress Plugin Evarisk 'uploadPhotoApres.php' CWE-434 High Arbitrary File Upload (5.1.5.4)

WordPress Plugin Event Organiser Cross-Site CWE-79 High Scripting (2.12.4)

WordPress Plugin Event Registration 'event_id' CVE-2010-4839 CWE-89 High Parameter SQL Injection (5.32)

WordPress Plugin Event Registration 'event_id' CVE-2010-4839 CWE-89 High Parameter SQL Injection (5.44)

WordPress Plugin Event Registration 'id' Parameter CWE-89 High SQL Injection (5.43)

WordPress Plugin Eventify-Simple Events CWE-89 High 'fetcheventdetails.php' SQL Injection (1.7.f)

WordPress Plugin Eventify-Simple Events 'npath' CWE-94 High Parameter Remote File Include (1.7.g)

WordPress Plugin Events Calendar CWE-79 High 'ec_management.class.php' Cross-Site Scripting (6.7.11)

WordPress Plugin Events Made Easy Multiple Vulnerabilities (1.5.49) CWE-79 CWE-352 High

WordPress Plugin Events Manager 'events- CWE-89 High manager.php' SQL Injection (2.1)

WordPress Plugin Events Manager Extended CWE-89 High 'admin.php' SQL Injection (3.1.2)

WordPress Plugin Events Manager Extended CWE-79 High Multiple HTML Injection Vulnerabilities (3.1.2)

WordPress Plugin Events Manager Multiple Cross- CVE-2013-1407 CWE-79 High Site Scripting Vulnerabilities (5.3.3)

WordPress Plugin Events Manager Multiple Vulnerabilities (5.5.7.1) CWE-79 CWE-94 High

WordPress Plugin Events Manager Unspecified High Vulnerability (5.5.5)

WordPress Plugin Events Registration with PayPal CWE-89 High IPN Multiple SQL Injection Vulnerabilities (2.1.2)

WordPress Plugin Extend WordPress-Various CVE-2011-4106 CWE-20 High Shortcodes & Widgets TimThumb Arbitrary File Upload (2.1.01)

WordPress Plugin External 'Video for Everybody' CWE-79 High Cross-Site Scripting (2.0)

WordPress Plugin Extra User Details Privilege CWE-264 High Escalation (0.4.2)

WordPress Plugin FAQ Multiple Cross-Site Scripting CWE-79 High Vulnerabilities (1.0.14)

WordPress Plugin FAQs Manager Cross-Site CWE-79 CWE-3 High Scripting and Cross-Site Request Forgery 52 Vulnerabilities (1.0)

WordPress Plugin FAQs Manager SQL Injection (1.0) CWE-89 High

WordPress Plugin FB Survey Pro 'id' Parameter SQL CWE-89 High Injection (1.0)

WordPress Plugin FCChat Widget 'Upload.php' CVE-2012-3578 CWE-264 High Arbitrary File Upload (2.2.13.1)

WordPress Plugin FCChat Widget 'path' Parameter CWE-79 High Cross-Site Scripting (2.1.7)

WordPress Plugin FV Flowplayer Video Player CWE-79 High Cross-Site Scripting (6.0.3.3)

WordPress Plugin FV WordPress Flowplayer URL CVE-2011-4568 CWE-79 High Cross-Site Scripting (1.2.11)

WordPress Plugin Facebook Button by BestWebSoft Cross-Site Scripting (2.33) CWE-79 High

WordPress Plugin Facebook Like Box Cross-Site Request Forgery (2.8.2) CVE-2014-9524 CWE-352 High

WordPress Plugin Facebook Like Button by BestWebSoft Cross-Site Request Forgery (2.13) CWE-352 High

WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4) CVE-2013-2703 CWE-352 High

WordPress Plugin Facebook Opengraph Meta 'all_meta.php' SQL Injection (1.0) CWE-89 High

WordPress Plugin Facebook Page Photo Gallery Cross-Site Scripting (2.0.9) CWE-79 High

WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3) CWE-89 High

WordPress Plugin Facebook Promotion Generator for WordPress Multiple Cross-Site Scripting Vulnerabilities (1.3.4) CVE-2014-4528 CWE-79 High

WordPress Plugin Facebook With Login Multiple Vulnerabilities (1.0) CWE-79 CWE-89 High

WordPress Plugin Facebook, Twitter & Google+ Social Widgets Multiple Vulnerabilities (1.3.7) CWE-79 CWE-352 High

WordPress Plugin Fancy Cats Multiple Cross-Site Scripting Vulnerabilities (1.1) CWE-79 High

WordPress Plugin Fancy Gallery 'image-upload.php' Arbitrary File Upload (1.2.4) CWE-434 High

WordPress Plugin Fancy Gallery Cross-Site Scripting (1.5.12) CWE-79 High

WordPress Plugin FancyBox for WordPress Cross-Site Scripting (3.0.2) CWE-79 High

WordPress Plugin FancyBox for WordPress Security Bypass (3.0.2) CVE-2015-1494 CWE-264 High

WordPress Plugin FancyFlickr Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Fast Image Adder Arbitrary File Upload (1.1) CWE-434 High

WordPress Plugin Fast Secure Contact Form 'index.php' Cross-Site Scripting (3.0.3.1) CWE-79 High

WordPress Plugin Fast Secure Contact Form Cross-Site Scripting (4.0.35) CWE-79 High

WordPress Plugin Fast Secure Contact Form Cross-Site Scripting (4.0.37) CWE-79 High

WordPress Plugin Favicon by RealFaviconGenerator Cross-Site Scripting (1.2.12) CWE-79 High

WordPress Plugin Favicon by RealFaviconGenerator Unspecified Vulnerability (1.2.13) High

WordPress Plugin Feature Slideshow 'src' Parameter Cross-Site Scripting (1.0.6beta) CWE-79 High

WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.1) CVE-2014-4163 CWE-352 High

WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.4) CWE-352 High

WordPress Plugin Featured Content 'param' Parameter Cross-Site Scripting (0.0.1) CWE-79 High

WordPress Plugin Featured Post with thumbnail Unspecified Vulnerability (1.4) High

WordPress Plugin Featurific For WordPress 'snum' Parameter Cross-Site Scripting (1.6.2) CVE-2011-5265 CWE-79 High

WordPress Plugin Feed Statistics Open Redirect (3.0) CWE-601 High

WordPress Plugin Feed Them Social (Facebook, Instagram, Twitter, Vine, Pinterest, etc) Cross-Site Scripting (1.6.9) CWE-79 High

WordPress Plugin FeedList 'handler_image.php' Cross-Site Scripting (2.61.01) CVE-2010-4637 CWE-79 High

WordPress Plugin FeedWordPress Cross-Site Scripting (2014.0805) CWE-79 High

WordPress Plugin FeedWordPress Multiple Vulnerabilities (2015.0426) CVE-2015-4018 CWE-79 CWE-89 High

WordPress Plugin Feedweb Cross-Site Scripting (1.8.8) CVE-2013-3720 CWE-79 High

WordPress Plugin Feedweb Cross-Site Scripting (2.4) CWE-79 High

WordPress Plugin Feedweb Unspecified Vulnerability (3.0.10) High

WordPress Plugin Feedweb Unspecified Vulnerability (3.0.7) High

WordPress Plugin File Gallery Remote Code Execution (1.7.9) CVE-2014-2558 CWE-94 High

WordPress Plugin File Groups 'fgid' Parameter SQL Injection (1.1.2) CWE-89 High

WordPress Plugin File Uploader Arbitrary File Upload (1.1) CWE-434 High

WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1) CWE-22 High

WordPress Plugin Filedownload Multiple Vulnerabilities (1.4) CWE-79 CWE-89 CWE-441 High

WordPress Plugin Filtre de Surveillance Gouvernemental Cross-Site Scripting (1.1) CWE-79 High

WordPress Plugin FireStats 'firestats- .php' Remote File Include (1.6.1) CVE-2009-2143 CWE-94 High

WordPress Plugin FireStats Arbitrary File Download (1.6.5) CWE-538 High

WordPress Plugin FireStats Cross-Site Scripting (1.6.4) CWE-79 High

WordPress Plugin FireStats Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities (1.0.2) CWE-79 CWE-287 High

WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03) CWE-89 High

WordPress Plugin FireStorm Professional Real Estate Multiple SQL Injection Vulnerabilities (2.05.01) CWE-89 High

WordPress Plugin Fixedly Media Gallery Cross-Site Scripting (1.3.1) CWE-79 High

WordPress Plugin Flamingo Code Injection (1.1) CWE-95 High

WordPress Plugin Flash Photo Gallery Cross-Site Scripting (0.7) CVE-2014-4529 CWE-79 High

WordPress Plugin Flexi Quote Rotator SQL Injection and Cross-Site Request Forgery Vulnerabilities (0.9) CWE-89 CWE-352 High

WordPress Plugin Flexible Custom Post Type Cross-Site Scripting (0.1.5) CVE-2011-5106 CWE-79 High

WordPress Plugin Flickr Justified Gallery Cross-Site Scripting (3.3.6) CWE-79 High

WordPress Plugin Flip Book 'php.php' Arbitrary File Upload (1.0) CWE-434 High

WordPress Plugin Floating Social Bar Cross-Site Scripting (1.1.5) CVE-2015-5528 CWE-79 High

WordPress Plugin Floating Social Bar Cross-Site Scripting (1.1.6) CVE-2015-3299 CWE-79 High

WordPress Plugin Floating Social Media Icon Cross-Site Scripting (2.1) CWE-79 High

WordPress Plugin Floating Social Media Links 'wpp' Parameter Multiple Remote File Include Vulnerabilities (1.4.2) CWE-94 High

WordPress Plugin Floating Tweets Multiple Vulnerabilities (1.0.1) CWE-22 CWE-79 High

WordPress Plugin Flog Cross-Site Scripting (0.1) CVE-2014-4530 CWE-79 High

WordPress Plugin Flog Server-Side Request Forgery (1.0beta3) CWE-918 High

WordPress Plugin Foliopress WYSIWYG Cross-Site Scripting (2.6.8.4) CVE-2014-1232 CWE-79 High

WordPress Plugin Font Uploader 'font-upload.php' Arbitrary File Upload (1.2.4) CVE-2012-3814 CWE-434 High

WordPress Plugin Font-official webfonts plugin of Fonts For Web Directory Traversal (7.5) CVE-2015-7683 CWE-22 High

WordPress Plugin FooBox Image Lightbox Cross-Site Scripting (1.0.4) CWE-79 High

WordPress Plugin Form Builder Cross-Site Scripting (1.2.0) CWE-79 High

WordPress Plugin Form Maker Security Bypass (1.7.14) CWE-264 High

WordPress Plugin Form Maker Unspecified Vulnerability (1.6.5) High

WordPress Plugin Form Maker Unspecified Vulnerability (1.7.56) High

WordPress Plugin Form Manager Remote Command Execution (1.7.2) CVE-2015-7806 CWE-94 High

WordPress Plugin FormBuilder Cross-Site Scripting (0.90) CWE-79 High

WordPress Plugin FormGet Contact Form Cross-Site Scripting (5.3) CWE-79 High

WordPress Plugin Formidable Forms Arbitrary File Upload (1.06.02) CWE-94 High

WordPress Plugin Formidable Forms Information Disclosure (2.0.07) CWE-200 High

WordPress Plugin Formidable Forms Multiple Unspecified Vulnerabilities (1.06.08) High

WordPress Plugin Formidable Forms SQL Injection (1.07.12) CVE-2014-9309 CWE-89 High

WordPress Plugin Formidable Forms Security Bypass (2.0.21) CWE-264 High

WordPress Plugin ForumConverter SQL Injection (1.11) CWE-89 High

WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) CVE-2012-4920 CWE-22 High

WordPress Plugin FourSquare Checkins Cross-Site Request Forgery (1.2) CVE-2013-2709 CWE-352 High

WordPress Plugin Fourteen Extended Cross-Site Scripting (1.2.31) CVE-2014-5156 CWE-79 High

WordPress Plugin FoxyPress 'uploadify.php' Arbitrary File Upload (0.4.2.1) CWE-434 High

WordPress Plugin FoxyPress Multiple Vulnerabilities (0.4.2.5) CWE-79 CWE-89 CWE-352 CWE-434 High

WordPress Plugin FoxyShop Cross-Site Scripting (4.6) CWE-79 High

WordPress Plugin Free counter Cross-Site Scripting (1.1) CVE-2015-4084 CWE-79 High

WordPress Plugin FreshMail For WordPress Multiple SQL Injection Vulnerabilities (1.5.8) CWE-89 High

WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3) CWE-434 High

WordPress Plugin Front End Upload Arbitrary File Upload (0.5.4.4) CWE-434 High

WordPress Plugin Front File Manager 'upload.php' Arbitrary File Upload (0.1) CWE-434 High

WordPress Plugin Front end file upload and manager 'doupload.php' Arbitrary File Upload (1.8) CWE-434 High

WordPress Plugin Front end file upload and manager Arbitrary File Upload (3.3) CVE-2014-5324 CWE-94 High

WordPress Plugin Front end file upload and manager Arbitrary File Upload (3.7) CWE-434 High

WordPress Plugin Front-end Editor 'upload.php' Arbitrary File Upload (2.2.1) CWE-434 High

WordPress Plugin Frontend Uploader Cross-Site Scripting (0.9.2) CVE-2014-9444 CWE-79 High

WordPress Plugin Frontier Post Security Bypass (1.3.2) CWE-264 High

WordPress Plugin Fuctweb CapCC 'plugins.php' SQL Injection (1.0) CWE-89 High

WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Cross-Site Request Forgery (0.3.2) CWE-352 High

WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Multiple Cross-Site Scripting Vulnerabilities (0.4.3) CWE-79 High

WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2) CWE-79 High

WordPress Plugin Fusion Engage Local File Disclosure (1.0.5) CWE-22 High

WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2) CWE-89 High

WordPress Plugin GA Universal Cross-Site Request Forgery (1.0) CWE-352 High

WordPress Plugin GB Gallery Slideshow SQL Injection (1.2) CVE-2014-8375 CWE-89 High

WordPress Plugin GB Team Stats Cross-Site Scripting (1.5.1) CWE-79 High

WordPress Plugin GD Star Rating 'de' Parameter SQL Injection (1.9.10) CWE-89 High

WordPress Plugin GD Star Rating 'export.php' Security Bypass (1.9.18) CWE-264 High

WordPress Plugin GD Star Rating 'tpl_section' Parameter Cross-Site Scripting (1.9.16) CWE-79 High

WordPress Plugin GD Star Rating 'votes' Parameter SQL Injection (1.9.8) CWE-89 High

WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8) CWE-79 High

WordPress Plugin GD Star Rating Multiple Vulnerabilities (1.9.22) CVE-2014-2838 CVE-2014-2839 CWE-89 CWE-352 High

WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2) CVE-2015-5481 CWE-22 CWE-79 High

WordPress Plugin GEO Redirector Cross-Site Scripting (1.0.1) CVE-2014-4533 CWE-79 High

WordPress Plugin GRAND Flash Album Gallery Multiple Vulnerabilities (2.00) CWE-22 CWE-89 CWE-94 High

WordPress Plugin GRAND Flash Album Gallery SQL Injection and Information Disclosure Vulnerabilities (0.59) CWE-22 CWE-89 High

WordPress Plugin Gallery 'php.php' Arbitrary File Upload (3.06) CWE-434 High

WordPress Plugin Gallery Arbitrary File Disclosure (3.8.3) CWE-538 High

WordPress Plugin Gallery Bank-Photo Galleries & Albums SQL Injection (3.0.229) CWE-89 High

WordPress Plugin Gallery Bank-Responsive Photo Gallery Albums Cross-Site Scripting (3.0.228) CWE-79 High

WordPress Plugin Gallery Bank-Responsive Photo Gallery Cross-Site Scripting (3.0.69) CVE-2014-8758 CWE-79 High

WordPress Plugin Gallery Bank-Responsive Photo Gallery Multiple Cross-Site Scripting Vulnerabilities (2.0.19) CWE-79 High

WordPress Plugin Gallery Bank-Responsive Photo Gallery SQL Injection (3.0.101) CWE-89 High

WordPress Plugin Gallery Master-Responsive Photo Galleries & Albums Cross-Site Scripting (1.0.22) CWE-79 High

WordPress Plugin Gallery Objects SQL Injection (0.4) CVE-2014-5201 CWE-89 High

WordPress Plugin Gallery Unspecified Vulnerability (1.2.41) High

WordPress Plugin Gallery by BestWebSoft Cross-Site Scripting (4.2.1) CWE-79 High

WordPress Plugin Gallery-Photo Albums-Portfolio Cross-Site Scripting (1.2.25) CWE-79 High

WordPress Plugin Gallery-Photo Albums-Portfolio Cross-Site Scripting (1.3.47) CVE-2015-7386 CWE-79 High

WordPress Plugin Gallery-Photo Albums-Portfolio Multiple Cross-Site Request Forgery Vulnerabilities (1.2.59) CWE-352 High

WordPress Plugin Gallery-Photo Albums-Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.2.29) CWE-79 High

WordPress Plugin Game tabs Cross-Site Scripting (0.4.0) CVE-2014-4531 CWE-79 High

WordPress Plugin Gantry 4 Framework Cross-Site Scripting (4.1.5) CWE-79 High

WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3) CWE-95 High

WordPress Plugin GarageSale Cross-Site Scripting (1.2.2) CVE-2014-4532 CWE-79 High

WordPress Plugin Garee's Flickr Feed Multiple Cross-Site Scripting Vulnerabilities (0.8) CWE-79 High

WordPress Plugin GdeSlon Affiliate Shop Open Redirect (2.0) CWE-601 High

WordPress Plugin GeSHi Source Colorer Cross-Site Scripting (0.13) CVE-2013-1808 CWE-79 High

WordPress Plugin Genesis Simple Share Cross-Site Scripting (1.0.6) CWE-79 High

WordPress Plugin Geo Mashup Cross-Site Scripting (1.8.2) CVE-2015-1383 CWE-79 High

WordPress Plugin GigPress 'Notes' Field HTML Injection (2.1.10) CWE-79 High

WordPress Plugin GigPress Multiple SQL Injection Vulnerabilities (2.3.8) CVE-2015-4066 CWE-89 High

WordPress Plugin GigPress Multiple Vulnerabilities (2.3.10) CWE-79 CWE-89 High

WordPress Plugin Gigya-Social Infrastructure Cross-Site Scripting (1.1.8) CWE-79 High

WordPress Plugin Gigya-Social Infrastructure Unspecified Vulnerability (3.0.4) High

WordPress Plugin Give-Democratizing Generosity Cross-Site Scripting (0.8) CWE-79 High

WordPress Plugin Global Content Blocks 'gcb_export.php' SQL Injection (1.2) CWE-89 High

WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1) CWE-95 CWE-200 High

WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4) CWE-79 High

WordPress Plugin Gmedia Gallery-Photo Gallery, Image Slider, Music Player, Video Player, Media Library Arbitrary File Upload (1.2.1) CWE-20 High

WordPress Plugin Gmedia Gallery-Photo Gallery, Image Slider, Music Player, Video Player, Media Library Cross-Site Scripting (0.9.3) CWE-79 High

WordPress Plugin Gmedia Gallery-Photo Gallery, Image Slider, Music Player, Video Player, Media Library Multiple Vulnerabilities (1.6.4) CWE-22 CWE-79 High

WordPress Plugin GoCodes Multiple Vulnerabilities (1.3.5) CWE-79 CWE-89 High

WordPress Plugin Google 'Plus one' Button by kms Multiple Vulnerabilities (1.5.0) CWE-79 CWE-352 High

WordPress Plugin Google +1 by BestWebSoft Cross-Site Scripting (1.1.6) CWE-79 High

WordPress Plugin Google AdSense Click-Fraud Monitoring Cross-Site Scripting (1.8.6) CVE-2015-3998 CWE-79 High

WordPress Plugin Google AdSense by BestWebSoft Cross-Site Scripting (1.29) CWE-79 High

WordPress Plugin Google Adsense and Hotel Booking Open Proxy (1.0.5) CWE-441 High

WordPress Plugin Google Alert And Twitter Multiple Vulnerabilities (3.1.5) CWE-79 CWE-89 High

WordPress Plugin Google Analyticator Cross-Site Request Forgery (6.4.9.3) CVE-2015-4697 CWE-352 High

WordPress Plugin Google Analyticator Multiple Cross-Site Scripting Vulnerabilities (6.4.9.5) CVE-2015-6238 CWE-79 High

WordPress Plugin Google Analytics Dashboard Multiple Unspecified Vulnerabilities (2.0.5) High

WordPress Plugin Google Analytics Dashboard SQL Injection (2.0.4) CWE-89 High

WordPress Plugin Google Analytics MU Cross-Site Request Forgery (2.3.1) CWE-352 High

WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6) CWE-79 High

WordPress Plugin Google Analytics by Yoast 404 Error Page Cross-Site Scripting (3.2.4) CWE-79 High

WordPress Plugin Google Analytics by Yoast Cross-Site Scripting (5.1.2) CVE-2014-9174 CWE-79 High

WordPress Plugin Google Analytics by Yoast Cross-Site Scripting (5.4.4) CWE-79 High

WordPress Plugin Google Analytics by Yoast Multiple Cross-Site Scripting Vulnerabilities (4.2.4) CWE-79 High

WordPress Plugin Google Analytics by Yoast Multiple Cross-Site Scripting Vulnerabilities (5.3.3) CWE-79 High

WordPress Plugin Google Analytics by Yoast Multiple Vulnerabilities (5.3.2) CWE-79 CWE-264 High

WordPress Plugin Google Calendar Events Cross-Site Scripting (2.0.3.1) CVE-2014-7138 CWE-79 High

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.05) CWE-79 High

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Security Bypass (1.12) CVE-2015-0890 CWE-254 High

WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6) CVE-2012-4915 CWE-22 High

WordPress Plugin Google Doc Embedder Cross-Site Scripting (2.5.18) CVE-2015-1879 CWE-79 High

WordPress Plugin Google Doc Embedder SQL Injection (2.5.14) CVE-2014-9173 CWE-89 High

WordPress Plugin Google Doc Embedder SQL Injection (2.5.16) CVE-2014-9173 CWE-89 High

WordPress Plugin Google Language Translator Cross-Site Scripting (4.0.9) CWE-79 High

WordPress Plugin Google Map Generator Cross-Site Scripting (1.3.1) CWE-79 High

WordPress Plugin Google Map SQL Injection (2.2.5) CWE-89 High

WordPress Plugin Google Maps Ready! Cross-Site Request Forgery (1.1.5) CWE-352 High

WordPress Plugin Google Maps Widget Cross-Site Scripting (2.30) CWE-79 High

WordPress Plugin Google Maps by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (1.2.1) CWE-79 High

WordPress Plugin Google Maps in Posts Cross-Site Scripting (1.5.3) CWE-79 High

WordPress Plugin Google SEO Pressor for Rich snippets Cross-Site Scripting (1.2.6) CWE-79 High

WordPress Plugin Google Sitemap by BestWebSoft Cross-Site Scripting (2.9.1) CWE-79 High

WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.8) CWE-79 High

WordPress Plugin Googmonify Multiple Vulnerabilities (0.5.1) CWE-79 CWE-352 High

WordPress Plugin Grand Flagallery-Photo Gallery 'facebook.php' Cross-Site Scripting (1.56) CVE-2011-4624 CWE-79 High

WordPress Plugin Grand Flagallery-Photo Gallery 'flagshow.php' Cross-Site Scripting (1.57) CWE-79 High

WordPress Plugin Grand Flagallery-Photo Gallery 'skin' Parameter Cross-Site Scripting (1.72) CWE-79 High

WordPress Plugin Grand Flagallery-Photo Gallery Cross-Site Request Forgery (3.01) CWE-352 High

WordPress Plugin Grand Flagallery-Photo Gallery Cross-Site Scripting (2.70) CVE-2013-3261 CWE-79 High

WordPress Plugin Grand Flagallery-Photo Gallery Information Disclosure (4.24) CVE-2014-8491 CWE-200 High

WordPress Plugin Grand Flagallery-Photo Gallery SQL Injection (2.55) CWE-89 High

WordPress Plugin Grapefile File Sharing 'grapeupload.php' Arbitrary File Upload (1.1) CWE-434 High

WordPress Plugin Gravity Forms Advanced File Uploader Unspecified Vulnerability (1.18) High

WordPress Plugin Gravity Forms Arbitrary File Upload (1.8.19) CWE-434 High

WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.15.11) CWE-79 High

WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.5) CWE-79 High

WordPress Plugin Gravity Forms SQL Injection (1.9.3.5) CVE-2015-2260 CWE-89 High

WordPress Plugin Gravity Upload Ajax Arbitrary File Upload (1.1) CVE-2014-4972 CWE-434 High

WordPress Plugin Greg's High Performance SEO Cross-Site Scripting (1.6.1) CWE-79 High

WordPress Plugin Groups Multiple Cross-Site Scripting Vulnerabilities (1.8.0) CWE-79 High

WordPress Plugin Gwolle Guestbook Remote File Inclusion (1.5.3) CVE-2015-8351 CWE-98 High

WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0) CWE-538 High

WordPress Plugin HD Webplayer Multiple SQL Injection Vulnerabilities (1.1) CWE-89 High

WordPress Plugin HDW Player (Video Player & Video Gallery) SQL Injection (2.4.2) CVE-2014-5180 CWE-89 High

WordPress Plugin HDW WordPress Video Gallery Multiple Cross-Site Scripting Vulnerabilities (1.2) CWE-79 High

WordPress Plugin HK Exif Tags Cross-Site Scripting (1.11) CVE-2014-100007 CWE-79 High

WordPress Plugin HMS Testimonials Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (2.0.10) CVE-2013-4240 CVE-2013-4241 CWE-79 CWE-352 High

WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7) CWE-434 High

WordPress Plugin HTML5 Lyrics Karaoke Player Cross-Site Scripting (1.06) CWE-79 High

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) CVE-2014-9177 CWE-200 High

WordPress Plugin HTML5 Video Player with Playlist Multiple Cross-Site Scripting Vulnerabilities (2.40) CVE-2014-4534 CWE-79 High

WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3) CWE-79 High

WordPress Plugin Haiku minimalist audio player Cross-Site Scripting (1.0.0) CVE-2013-1942 CWE-79 High

WordPress Plugin Heat Trackr Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Hero Maps Pro Cross-Site Scripting (2.1.0) CWE-79 High

WordPress Plugin Hide My WP Cross-Site Scripting (4.51.1) CWE-79 High

WordPress Plugin Hide My WP Cross-Site Scripting (4.53) CWE-79 High

WordPress Plugin History Collection Arbitrary File Download (1.1.1) CWE-538 High

WordPress Plugin Hitasoft FLV Player 'id' Parameter SQL Injection (1.1) CWE-89 High

WordPress Plugin Homepage SlideShow 'upload.php' Arbitrary File Upload (2.0) CWE-434 High

WordPress Plugin Hot Files:File Sharing and Download Manager Cross-Site Scripting (1.0.0) CVE-2014-4588 CWE-79 High

WordPress Plugin Htaccess by BestWebSoft Cross-Site Scripting (1.4) CWE-79 High

WordPress Plugin Hungred Post Thumbnail 'hpt_file_upload.php' Arbitrary File Upload (2.1.9) CWE-434 High

WordPress Plugin Hunk External Links Cross-Site Scripting (3.0.5) CWE-79 High

WordPress Plugin Husker Portfolio Cross-Site Request Forgery (0.3) CWE-352 High

WordPress Plugin I Recommend This SQL Injection (3.7.2) CWE-89 High

WordPress Plugin IBS Mappro Arbitrary File Download (0.6) CVE-2015-5472 CWE-22 High

WordPress Plugin IGIT Posts Slider Widget 'src' Parameter Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin IGIT Posts Slider Widget TimThumb Arbitrary File Upload (1.1) CVE-2011-4106 CWE-20 High

WordPress Plugin IGIT Related Posts With Thumb Image After Posts TimThumb Arbitrary File Upload (3.9.7) CVE-2011-4106 CWE-20 High

WordPress Plugin IMDb Profile Widget Local File Inclusion (1.0.8) CWE-22 High

WordPress Plugin IMPress Listings Cross-Site Scripting (2.0.1) CWE-79 High

WordPress Plugin IP Ban Cross-Site Request Forgery (1.2.3) CVE-2014-9413 CWE-352 High

WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42) CWE-22 High

WordPress Plugin IP Logger 'map-details.php' SQL Injection (3.0) CWE-89 High

WordPress Plugin IWantOneButton 'updateAJAX.php' SQL Injection (3.0.1) CWE-89 High

WordPress Plugin IgnitionDeck Security Bypass (1.1.6) CWE-264 High

WordPress Plugin Image Export Arbitrary File Download (1.1.0) CVE-2015-5609 CWE-22 High

WordPress Plugin Image Gallery Cross-Site Scripting (1.4.0) CWE-79 High

WordPress Plugin Image Gallery Cross-Site Scripting (1.5.1) CWE-79 High

WordPress Plugin Image Gallery Cross-Site Scripting (1.7.0) CWE-79 High

WordPress Plugin Image Gallery SQL Injection (1.0.6) CVE-2014-7153 CWE-89 High

WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5) CWE-20 High

WordPress Plugin Image Metadata Cruncher Multiple Vulnerabilities (1.8) CVE-2015-1614 CWE-79 CWE-352 High

WordPress Plugin Image News slider 'upload.php' Arbitrary File Upload (3.3) CVE-2012-4327 CWE-434 High

WordPress Plugin Image Slider Cross-Site Scripting (1.1.5) CWE-79 High

WordPress Plugin Image Widget Unspecified Vulnerability (4.1.2) High

WordPress Plugin ImageDrop 'ImageDrop.php' Blind SQL Injection (1.1.2) CWE-89 High

WordPress Plugin Images Lazyload and Slideshow Cross-Site Scripting (3.2) CWE-79 High

WordPress Plugin ImmoPress Cross-Site Scripting (0.0.4) CWE-79 High

WordPress Plugin Import CSV Directory Traversal (1.0) CWE-22 High

WordPress Plugin Import CSV with Ultimate CSV Importer Arbitrary File Disclosure (3.7) CWE-22 High

WordPress Plugin Import CSV with Ultimate CSV Importer Unspecified Vulnerability (3.7.2) High

WordPress Plugin Import Legacy Media Cross-Site Scripting (0.1) CVE-2014-4535 CWE-79 High

WordPress Plugin Import Woocommerce Cross-Site Scripting (1.0.1) CWE-79 High

WordPress Plugin Import a CSV with Ultimate CSV Importer Information Disclosure (3.6.74) CWE-200 High

WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.2.3) CWE-434 High

WordPress Plugin Import any XML or CSV File to WordPress Multiple Vulnerabilities (3.2.4) CWE-79 CWE-89 High

WordPress Plugin Import any XML or CSV File to WordPress Pro Arbitrary File Upload (4.1.0) CWE-434 High

WordPress Plugin Import any XML or CSV File to WordPress Pro Multiple Vulnerabilities (4.1.1) CWE-79 CWE-89 High

WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4) CVE-2014-5196 CWE-352 High

WordPress Plugin Imsanity Unspecified Vulnerability (2.3.3) High

WordPress Plugin InBoundio Marketing Arbitrary File Upload (2.0.3) CWE-434 High

WordPress Plugin Indexisto WordPress Site Search Cross-Site Scripting (1.0.5) CWE-79 High

WordPress Plugin Indieweb Post Kinds Cross-Site Scripting (1.3.1) CWE-79 High

WordPress Plugin InfiniteWP Client Security Bypass (1.3.7) CWE-264 High

WordPress Plugin InfiniteWP Client Unspecified Vulnerability (1.3.14) High

WordPress Plugin Infusionsoft Gravity Forms Add-on Arbitrary File Upload (1.5.10) CVE-2014-6446 CWE-94 High

WordPress Plugin Infusionsoft Gravity Forms Add-on Cross-Site Scripting (1.5.11) CWE-79 High

WordPress Plugin Infusionsoft Gravity Forms Add-on Multiple Cross-Site Scripting Vulnerabilities (1.5.6) CVE-2014-4536 CWE-79 High

WordPress Plugin Inline Gallery 'do' Parameter Cross-Site Scripting (0.3.9) CWE-79 High

WordPress Plugin Instagram Plugin-InstaLinker Cross-Site Scripting (1.1.1) CWE-79 High

WordPress Plugin Instinct e-Commerce Arbitrary File Upload (3.4) CVE-2008-6811 CWE-434 High

WordPress Plugin Integrator 'redirect_to' Parameter Cross-Site Scripting (1.32) CVE-2012-5913 CWE-79 High

WordPress Plugin Invit0r 'ofc_upload_image.php' Arbitrary File Upload (0.22) CWE-434 High

WordPress Plugin Issuu Panel Local/Remote File Inclusion (1.6) CWE-98 High

WordPress Plugin IzeeChat-Live Chat Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin JC Coupon Cross-Site Scripting (2.5) CVE-2013-1808 CWE-79 High

WordPress Plugin JM Twitter Cards Information Disclosure (6.1) CWE-200 High

WordPress Plugin JS MultiHotel Cross-Site Scripting (2.2.1) CVE-2013-7419 CWE-79 High

WordPress Plugin JS MultiHotel Multiple Vulnerabilities (2.2.1) CVE-2014-100008 CVE-2014-100009 CWE-79 CWE-200 High

WordPress Plugin JW Player 6 Cross-Site Scripting (2.1.14) CWE-79 High

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.11) CWE-352 High

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.3) CVE-2014-4030 CWE-352 High

WordPress Plugin Jammer Cross-Site Scripting (0.2) CVE-2013-1942 CWE-79 High

WordPress Plugin Jetpack by WordPress.com Cross-Site Scripting (3.4.2) CWE-79 High

WordPress Plugin Jetpack by WordPress.com Cross-Site Scripting (3.5.2) CWE-79 High

WordPress Plugin Jetpack by WordPress.com Cross-Site Scripting (3.9.1) CWE-79 High

WordPress Plugin Jetpack by WordPress.com Multiple Vulnerabilities (3.7.0) CWE-79 CWE-200 High

WordPress Plugin Jetpack by WordPress.com Security Bypass (2.9.2) CVE-2014-0173 CWE-264 High

WordPress Plugin Jigoshop Information Disclosure (1.17.9) CWE-200 High

WordPress Plugin Jigoshop Unspecified Vulnerability (1.10.5) High

WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.7) CWE-264 High

WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.8) CWE-264 High

WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.0.0) CWE-79 High

WordPress Plugin Job Manager Cross-Site Scripting (0.7.22) CVE-2015-2321 CWE-79 High

WordPress Plugin Job Manager Cross-Site Scripting (0.7.24) CWE-79 High

WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18) CWE-79 High

WordPress Plugin Job Manager Security Bypass (0.7.25) CVE-2015-6668 CWE-287 High

WordPress Plugin Js-appointment 'searchdata.php' SQL Injection (1.5) CWE-89 High

WordPress Plugin Juiz Social Post Sharer Multiple Cross-Site Scripting Vulnerabilities (1.3.3.7) CWE-79 High

WordPress Plugin KBoard Multiple Vulnerabilities (3.3) CWE-79 CWE-89 High

WordPress Plugin KNR Author List Widget 'listItem[]' Parameter SQL Injection (2.0.0) CWE-89 High

WordPress Plugin Katalyst TimThumb 'timthumb.php' Arbitrary File Upload (1.0) CWE-434 High

WordPress Plugin Kento Post View Counter Multiple Vulnerabilities (2.8) CWE-79 CWE-352 High

WordPress Plugin Keyring Cross-Site Scripting (1.5) CWE-79 High

WordPress Plugin Keyword Strategy Internal Links Multiple Cross-Site Scripting Vulnerabilities (2.0) CVE-2014-4537 CWE-79 High

WordPress Plugin Kimili Flash Embed Unspecified Vulnerability (2.2.1) High

WordPress Plugin Kindeditor For WordPress Cross-Site Scripting (1.3.3) CWE-79 High

WordPress Plugin Kino Gallery TimThumb Arbitrary File Upload (1.0) CVE-2011-4106 CWE-20 High

WordPress Plugin Kish Guest Posting 'uploadify.php' Arbitrary File Upload (1.2) CVE-2012-1125 CVE-2012-5318 CWE-434 High

WordPress Plugin Kiwi Logo Carousel Cross-Site Scripting (1.7.1) CWE-79 High

WordPress Plugin Knews Multilingual Newsletters 'ff' Parameter Cross-Site Scripting (1.1.0) CWE-79 High

WordPress Plugin Knews Multilingual Newsletters Cross-Site Request Forgery (1.2.5) CWE-352 High

WordPress Plugin Knews Multilingual Newsletters SQL Injection (1.7.0) CWE-89 High

WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0) CWE-434 High

WordPress Plugin LB Tube Video for WordPress Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin LISL Last-Image Slider TimThumb Arbitrary File Upload (1.0) CVE-2011-4106 CWE-20 High

WordPress Plugin Last.fm Rotation Local File Inclusion (1.0) CVE-2014-5181 CWE-22 High

WordPress Plugin LayerSlider Responsive WordPress Slider Cross-Site Request Forgery (4.6.1) CWE-352 High

WordPress Plugin Lazy SEO Arbitrary File Upload (1.3.2) CVE-2013-5961 CWE-434 High

WordPress Plugin Lazyest Backup 'xml_or_all' Parameter Cross-Site Scripting (0.2.1) CVE-2011-5264 CWE-79 High

WordPress Plugin Lazyest Gallery 'image' Parameter Cross-Site Scripting (1.0.28) CWE-79 High

WordPress Plugin Lazyest Gallery EXIF Code Cross-Site Scripting (1.1.20) CVE-2014-2333 CWE-79 High

WordPress Plugin Leaflet 'id' Parameter Cross-Site Scripting (0.0.1) CVE-2012-2913 CWE-79 High

WordPress Plugin Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) Multiple Cross-Site Scripting Vulnerabilities (3.9.8) CWE-79 High

WordPress Plugin Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) Multiple Vulnerabilities (2.3) CWE-79 CWE-89 High

WordPress Plugin Leaflet Maps Marker Pro (Google Maps, OpenStreetMap, Bing Maps) Multiple Cross-Site Scripting Vulnerabilities (2.3) CWE-79 High

WordPress Plugin Leaflet Maps Marker Pro Multiple Vulnerabilities (1.5.7) CWE-22 CWE-79 CWE-434 High

WordPress Plugin LeagueManager Multiple Cross-Site Scripting Vulnerabilities (3.7) CVE-2012-2912 CWE-79 High

WordPress Plugin LeagueManager Multiple SQL CWE-89 High Injection Vulnerabilities (3.9.1.1)

WordPress Plugin LeagueManager SQL Injection CVE-2013-1852 CWE-89 High (3.8)

WordPress Plugin Let Them Unsubscribe Multiple High Unspecified Vulnerabilities (1.0)

WordPress Plugin Light Post 'abspath' Parameter CWE-94 High Remote File Include (1.4)

WordPress Plugin Lightbox Photo Gallery Cross-Site CVE-2014-9441 CWE-352 High Request Forgery (1.0)

WordPress Plugin Like Dislike Counter SQL CWE-89 High Injection (1.2.3)

WordPress Plugin Lim4wp 'upload.php' Arbitrary CWE-434 High File Upload (1.1.1)

WordPress Plugin Limit Attempts by BestWebSoft Multiple Vulnerabilities (1.0.3) CWE-79 CWE-352 High

WordPress Plugin Limit Attempts by BestWebSoft CWE-89 High SQL Injection (1.1.0)

WordPress Plugin Limit Login Attempts Security CWE-264 High Bypass (1.7.0)

WordPress Plugin Link Library 'id' Parameter Cross-Site Scripting and SQL Injection Vulnerabilities (5.0.8) CWE-79 CWE-89 High

WordPress Plugin Link Library 'searchll' Parameter CWE-89 High SQL Injection (5.2.1)

WordPress Plugin Link Library Cross-Site Scripting CWE-79 High (5.8.10.6)

WordPress Plugin Link Library Cross-Site Scripting CWE-79 High (5.9.5.5)

WordPress Plugin Live Comment Preview Cross-Site CWE-79 High Scripting (2.0.2)

WordPress Plugin Live Forms-Visual Form Builder CWE-89 High SQL Injection (3.0.1)

WordPress Plugin LiveGrounds 'uid' Parameter CWE-79 High Cross-Site Scripting (0.42)

WordPress Plugin LiveSig 'wp-root' Parameter CWE-94 High Remote File Include (0.4)

WordPress Plugin Livefyre Comments 3 Cross-Site CWE-79 High Scripting (4.1.4)

WordPress Plugin Local Market Explorer 'api-key' CWE-79 High Parameter Cross-Site Scripting (3.1.1)

WordPress Plugin Local Weather Cross-Site CVE-2014-4561 CWE-79 High Scripting (1.0)

WordPress Plugin Lockdown WP Admin High Unspecified Vulnerability (1.1.2)

WordPress Plugin Login Security Solution Multiple High Unspecified Vulnerabilities (0.50.0)

WordPress Plugin Login Widget With Shortcode CVE-2014-6312 CWE-352 High Cross-Site Request Forgery (3.1.1)

WordPress Plugin Login With Ajax Cross-Site CVE-2013-2707 CWE-352 High Request Forgery (3.0.4.1)

WordPress Plugin Login With Ajax Cross-Site CVE-2012-2759 CVE-2012-4283 CWE-79 High Scripting (3.0.4)

WordPress Plugin Login With Ajax Security Bypass CWE-284 High (3.1.2)

WordPress Plugin Login rebuilder Cross-Site CVE-2014-3882 CWE-352 High Request Forgery (1.1.3)

WordPress Plugin MAC PHOTO GALLERY 'albid' CWE-22 High Parameter Arbitrary File Disclosure (2.8)

WordPress Plugin MAC PHOTO GALLERY CWE-79 High 'macalbajax.php' Multiple Cross-Site Scripting Vulnerabilities (2.10)

WordPress Plugin MAC PHOTO GALLERY 'upload-file.php' Arbitrary File Upload (2.7) CWE-434 High

WordPress Plugin MAC PHOTO GALLERY Multiple CWE-285 High Security Bypass Vulnerabilities (3.0)

WordPress Plugin MATRIX 3D Cross-Site Scripting CWE-79 High (1.2)

WordPress Plugin MDC Private Message Cross-Site CVE-2015-6805 CWE-79 High Scripting (1.0.0)

WordPress Plugin MDC YouTube Downloader Local CVE-2015-5469 CWE-22 High File Inclusion (2.1.0)

WordPress Plugin MF Gig Calendar 'page_id' CVE-2012-4242 CWE-79 High Parameter Cross-Site Scripting (0.9.4.1)

WordPress Plugin MM Duplicate 'index.php' SQL CWE-89 High Injection (1.2)

WordPress Plugin MM Forms Community CVE-2012-3574 CWE-434 High 'doajaxfileupload.php' Arbitrary File Upload (2.2.6)

WordPress Plugin MM Forms Community CWE-89 High 'edit_details.php' SQL Injection (1.2.3)

WordPress Plugin MP3-jPlayer Cross-Site Scripting CVE-2013-1942 CWE-79 High (1.8.3)

WordPress Plugin MP3-jPlayer Information CWE-200 High Disclosure (2.3.2)

WordPress Plugin MP3-jPlayer Local File Disclosure CWE-538 High (2.3)

WordPress Plugin MP3-jPlayer Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.8.11)

WordPress Plugin MP3-jPlayer Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.8.7)

WordPress Plugin MW Font Changer Cross-Site CWE-79 High Scripting (4.2.5)

WordPress Plugin MW WP Form Cross-Site CWE-79 High Scripting (1.7.1)

WordPress Plugin Magic Fields 2 Unspecified High Vulnerability (2.3.2.2)

WordPress Plugin Magn WP Drag and Drop Upload CWE-20 High Arbitrary File Upload (1.1.4)

WordPress Plugin Mail On Update Cross-Site CVE-2013-2107 CWE-352 High Request Forgery (5.1.0)

WordPress Plugin Mail Subscribe List Unspecified High Vulnerability (2.0.9)

WordPress Plugin MailCWP Arbitrary File Upload CWE-434 High (1.99)

WordPress Plugin MailChimp List Subscribe Form High Multiple Unspecified Vulnerabilities (1.1)

WordPress Plugin MailChimp for WordPress Cross-Site Scripting (2.2.7) CWE-79 High

WordPress Plugin MailPoet Newsletters CVE-2012-3414 CWE-79 High 'swfupload.swf' Cross-Site Scripting (2.1.6)

WordPress Plugin MailPoet Newsletters Arbitrary CVE-2014-4725 CVE-2014-4726 CWE-434 High File Upload (2.6.7)

WordPress Plugin MailPoet Newsletters Cross-Site CVE-2014-3907 CWE-352 High Request Forgery (2.6.10)

WordPress Plugin MailPoet Newsletters Cross-Site CWE-79 High Scripting (2.6.11)

WordPress Plugin MailPoet Newsletters Cross-Site CWE-79 High Scripting (2.6.19)

WordPress Plugin MailUp newsletter sign-up form CVE-2013-0731 CVE-2013-2640 CWE-264 High Security Bypass (1.3.2)

WordPress Plugin Mailing List 'dl.php' Arbitrary File CWE-22 High Download (1.4.1)

WordPress Plugin Mailing List 'wpabspath' CWE-94 High Parameter Remote File Include (1.3.3)

WordPress Plugin MainWP Child Cross-Site CWE-79 High Scripting (2.0.12)

WordPress Plugin MainWP Child Security Bypass CWE-264 High (2.0.9.1)

WordPress Plugin MainWP Child Unspecified High Vulnerability (2.0.27)

WordPress Plugin MainWP Unspecified High Vulnerability (2.0.22)

WordPress Plugin Maintenance Mode Unspecified High Vulnerability (1.3.3)

WordPress Plugin Malware Finder Cross-Site CVE-2014-4538 CWE-79 High Scripting (1.1)

WordPress Plugin Manage Calameo Publications by CWE-79 High Athlon Cross-Site Scripting (1.1.0)

WordPress Plugin ManageWP Worker Unspecified High Vulnerability (4.1.7)

WordPress Plugin Manual Image Crop Cross-Site CWE-79 High Scripting (1.10)

WordPress Plugin Marekkis Watermark Cross-Site CVE-2013-1758 CWE-79 High Scripting (0.9.1)

WordPress Plugin Mashshare-Social Media Icons CWE-200 High SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

WordPress Plugin Master Slider-Responsive Touch CWE-89 High Slider SQL Injection (2.5.1)

WordPress Plugin Master Slider-Responsive Touch High Slider Unspecified Vulnerability (2.18.2)

WordPress Plugin MathJax-LaTeX Cross-Site CWE-352 High Request Forgery (1.1)

WordPress Plugin Matrix Gallery 'upload.php' CWE-434 High Arbitrary File Upload (2.1)

WordPress Plugin MaxBlogPress Max Banner Ads CWE-79 High Cross-Site Scripting (1.9)

WordPress Plugin MaxButtons:WordPress Button CVE-2014-7181 CWE-79 High Generator Cross-Site Scripting (1.26.0)

WordPress Plugin MaxButtons:WordPress Button CWE-79 High Generator Multiple Cross-Site Scripting Vulnerabilities (1.36)

WordPress Plugin MaxButtons:WordPress Button CWE-264 High Generator Security Bypass (1.19.0)

WordPress Plugin Media File Manager Advanced Multiple Vulnerabilities (1.1.5) CWE-79 CWE-89 CWE-264 High

WordPress Plugin Media File Renamer Cross-Site CVE-2014-2040 CWE-79 High Scripting (1.7.0)

WordPress Plugin Media Library Categories 'termid' CWE-89 High Parameter SQL Injection (1.0.6)

WordPress Plugin Media Library Categories CVE-2012-6630 CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Plugin MediaRSS external gallery CVE-2011-4106 CWE-20 High TimThumb Arbitrary File Upload (0.1)

WordPress Plugin Member Approval Cross-Site CVE-2014-3850 CWE-352 High Request Forgery (131109)

WordPress Plugin Membership 2 Unspecified High Vulnerability (4.0.0.2)

WordPress Plugin Memphis Documents Library CWE-538 High Arbitrary File Download (3.1.5)

WordPress Plugin Menu Creator CWE-89 High 'updateSortOrder.php' SQL Injection (1.1.7)

WordPress Plugin Meta Slider Cross-Site Scripting CVE-2014-4846 CWE-79 High (2.6.2)

WordPress Plugin Meta Slider Information CWE-200 High Disclosure (3.3.1)

WordPress Plugin Microblog Poster SQL Injection CWE-89 High (1.6.0)

WordPress Plugin Microblog Poster SQL Injection CWE-89 High (1.6.1)

WordPress Plugin Mikiurl WordPress Eklentisi CVE-2014-9337 CWE-352 High Cross-Site Request Forgery (2.0)

WordPress Plugin Mingle Forum 'edit_post_id' CWE-89 High Parameter SQL Injection (1.0.31)

WordPress Plugin Mingle Forum Cross-Site Scripting (1.0.28) CWE-79 High

WordPress Plugin Mingle Forum Multiple Cross-Site CVE-2013-0736 CWE-352 High Request Forgery Vulnerabilities (1.0.34)

WordPress Plugin Mingle Forum Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (1.0.33)

WordPress Plugin Mingle Forum Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.32.1) CVE-2012-5327 CVE-2012-5328 CWE-79 CWE-89 High

WordPress Plugin Mingle Forum Multiple Vulnerabilities (1.0.33.3) CVE-2013-0734 CVE-2013-0735 CWE-79 CWE-89 High

WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26) CWE-89 CWE-425 High

WordPress Plugin Mini Mail Dashboard Widget CWE-94 High 'abspath' Parameter Remote File Include (1.36)

WordPress Plugin Mini Mail Dashboard Widget CVE-2012-2583 CWE-79 High Cross-Site Scripting (1.42)

WordPress Plugin MiniMax-Page Layout Builder CWE-94 High Arbitrary File Upload (1.7.1)

WordPress Plugin MiniMax-Page Layout Builder CWE-79 High Cross-Site Scripting (1.3.4)

WordPress Plugin MiniMax-Page Layout Builder CWE-79 High Cross-Site Scripting (1.9.3)

WordPress Plugin Missed Schedule Fix WP Failed High Future Posts Multiple Unspecified Vulnerabilities (2014.1231.2015.4)

WordPress Plugin MiwoEvents-Manage & Book High Events Unspecified Vulnerability (1.2.0)

WordPress Plugin MiwoFTP-File & Folder Manager CWE-538 High Arbitrary File Disclosure (1.0.4)

WordPress Plugin MiwoFTP-File & Folder Manager CWE-538 High Arbitrary File Download (1.0.5)

WordPress Plugin MiwoFTP-File & Folder Manager Multiple Vulnerabilities (1.0.5) CWE-73 CWE-79 CWE-94 CWE-352 High

WordPress Plugin Mobile Domain Multiple Vulnerabilities (1.5.2) CVE-2015-1581 CWE-79 CWE-352 High

WordPress Plugin MobileChief-Mobile Site Builder CWE-79 High Cross-Site Scripting (1.5.7)

WordPress Plugin MobileView by ColorLabs & CVE-2013-1808 CWE-79 High Company Cross-Site Scripting (1.0.7)

WordPress Plugin Mobiloud-Native Mobile Apps for CVE-2014-5344 CWE-79 High your WordPress site (iPhone, iPad, Android) Multiple Cross-Site Scripting Vulnerabilities (2.3.7)

WordPress Plugin Monarch Social Sharing Security CWE-264 High Bypass (1.2.6)

WordPress Plugin Monetize Multiple Vulnerabilities (1.03) CWE-79 CWE-352 High

WordPress Plugin Monsters Editor for WP Super CWE-434 High Edit Arbitrary File Upload (1.1)

WordPress Plugin MoodThingy Mood Rating Widget CWE-89 High 'postID' Parameter Blind SQL Injection (0.8.7)

WordPress Plugin MoodThingy Mood Rating Widget CWE-89 High SQL Injection (0.9.1)

WordPress Plugin More Fields Cross-Site Request CWE-352 High Forgery (2.1)

WordPress Plugin Movies Cross-Site Scripting (0.6) CVE-2014-4539 CWE-79 High

WordPress Plugin MukioPlayer SQL Injection (1.6) CWE-89 High

WordPress Plugin Multi Plugin Installer Arbitrary CWE-538 High File Disclosure (1.1.0)

WordPress Plugin Multi Rating Multiple Unspecified High Vulnerabilities (3.2.1)

WordPress Plugin Multicons [Multiple Favicons] CWE-79 High Cross-Site Scripting (2.1)

WordPress Plugin Multisite Global Search CWE-79 High 'mssearch' Parameter Cross-Site Scripting (1.2.5)

WordPress Plugin Multisite Plugin Manager CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

WordPress Plugin Music Store Cross-Site Scripting CWE-79 High (1.0.41)

WordPress Plugin Music Store Open Redirect CWE-601 High (1.0.14)

WordPress Plugin Music Store Unspecified High Vulnerability (1.0.20)

WordPress Plugin My Calendar Cross-Site Scripting CWE-79 High (2.3.28)

WordPress Plugin My Calendar Multiple Cross-Site CVE-2012-6527 CWE-79 High Scripting Vulnerabilities (1.10.1)

WordPress Plugin My Calendar Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (2.3.9)

WordPress Plugin My Calendar Multiple Vulnerabilities (2.3.29) CWE-23 CWE-79 High

WordPress Plugin My Category Order 'parentID' CVE-2009-4748 CWE-89 High Parameter SQL Injection (2.8)

WordPress Plugin My Category Order Cross-Site CWE-79 High Scripting (4.3)

WordPress Plugin My Link Order Cross-Site CWE-79 High Scripting (4.3)

WordPress Plugin My Page Order Cross-Site CWE-79 High Scripting (4.3)

WordPress Plugin My Wish List Cross-Site Scripting CWE-79 High (1.4.1)

WordPress Plugin MyBlogU Cross-Site Scripting CWE-79 High (0.0.7)

WordPress Plugin MyBookTable Bookstore by High Author Media Unspecified Vulnerability (2.1.4)

WordPress Plugin MyLiveChat-Free Live Chat Plugin CWE-79 High for WordPress Cross-Site Scripting (2.0.1)

WordPress Plugin MyPixs Local File Inclusion (0.3) CWE-22 High

WordPress Plugin MyThemeShop Theme/Plugin CWE-79 High Updater Cross-Site Scripting (1.2.3)

WordPress Plugin Myftp SQL Injection (2.0) CWE-89 High

WordPress Plugin Mz-jajak 'id' Parameter SQL CWE-89 High Injection (2.1)

WordPress Plugin N-Media Website Contact Form CWE-434 High with File Upload Arbitrary File Upload (1.3.4)

WordPress Plugin N-Media Website Contact Form CWE-22 High with File Upload Local File Inclusion (1.5)

WordPress Plugin NEX-Forms Lite-WordPress CVE-2014-7151 CWE-79 High Contact Form builder Cross-Site Scripting (2.1.0)

WordPress Plugin NEX-Forms-Ultimate Form CWE-89 High builder Multiple SQL Injection Vulnerabilities (4.0)

WordPress Plugin NEX-Forms-Ultimate Form CWE-89 High builder SQL Injection (3.0)

WordPress Plugin NOSpamPTI SQL Injection (2.1) CVE-2013-5917 CWE-89 High

WordPress Plugin NS Utilities Unspecified High Vulnerability (1.0)

WordPress Plugin Navis DocumentCloud Cross-Site CVE-2015-2807 CWE-79 High Scripting (0.1)

WordPress Plugin Network Publisher CWE-79 High 'networkpub_key' Parameter Cross-Site Scripting (5.0.1)

WordPress Plugin Neuvoo Jobs Cross-Site Scripting CWE-79 High (2.0)

WordPress Plugin New Year Firework Cross-Site CWE-79 High Scripting (1.1.9)

WordPress Plugin NewStatPress Cross-Site CWE-79 High Scripting (1.0.3)

WordPress Plugin NewStatPress Cross-Site CWE-79 High Scripting (1.0.5)

WordPress Plugin NewStatPress Multiple Vulnerabilities (0.9.8) CVE-2015-4062 CVE-2015-4063 CWE-79 CWE-89 High

WordPress Plugin NewStatPress Multiple Vulnerabilities (1.0.4) CWE-79 CWE-89 High

WordPress Plugin Newsletter Cross-Site Scripting CWE-79 High (3.2.6)

WordPress Plugin Newsletter Manager Multiple CVE-2012-6627 CVE-2012-6628 CWE-79 High Cross-Site Scripting Vulnerabilities (1.0.1)

WordPress Plugin Newsletter Meenews 'idnews' CWE-79 High Parameter Cross-Site Scripting (5.1.0)

WordPress Plugin Newsletter Open Redirect CWE-601 High (2.6.4.4)

WordPress Plugin Newsletter Open Redirect (3.7.0) CWE-601 High

WordPress Plugin Newsletter SQL Injection (3.0.8) CWE-89 High

WordPress Plugin NextCellent Gallery-NextGEN CVE-2014-3123 CWE-79 High Legacy Cross-Site Scripting (1.9.17)

WordPress Plugin NextCellent Gallery-NextGEN CWE-79 High Legacy Cross-Site Scripting (1.9.27)

WordPress Plugin NextGEN Gallery 'Gallery Path' CWE-79 High Field Cross-Site Scripting (1.9.5)

WordPress Plugin NextGEN Gallery 'nggallery-manage-gallery' HTML Injection (0.96) CVE-2008-7175 CWE-79 High

WordPress Plugin NextGEN Gallery 'swfupload.swf' CVE-2012-3414 CWE-79 High Cross-Site Scripting (1.9.7)

WordPress Plugin NextGEN Gallery 'xml/media-rss.php' Cross-Site Scripting (1.5.1) CVE-2010-1186 CWE-79 High

WordPress Plugin NextGEN Gallery Arbitrary File CVE-2013-3684 CWE-434 High Upload (1.9.12)

WordPress Plugin NextGEN Gallery Arbitrary File CWE-434 High Upload (2.1.10)

WordPress Plugin NextGEN Gallery Cross-Site CWE-79 High Scripting and Cross-Site Request Forgery Vulnerabilities (1.8.3)

WordPress Plugin NextGEN Gallery Directory CWE-22 High Traversal (2.0.0)

WordPress Plugin NextGEN Gallery Directory CWE-22 High Traversal (2.1.9)

WordPress Plugin NextGEN Gallery Information CVE-2013-0291 CWE-200 High Disclosure (1.9.11)

WordPress Plugin NextGEN Gallery Local File CWE-22 High Inclusion (2.1.7)

WordPress Plugin NextGEN Gallery Multiple Cross-Site Scripting Vulnerabilities (2.0.66.16) CWE-79 High

WordPress Plugin NextGEN Gallery Multiple Cross-Site Scripting Vulnerabilities (2.1.20) CWE-79 High

WordPress Plugin NextGEN Gallery Multiple Cross-Site Scripting Vulnerabilities (2.1.9) CWE-79 High

WordPress Plugin NextGEN Gallery Multiple HTML CWE-79 High Injection Vulnerabilities (1.9.0)

WordPress Plugin NextGEN Gallery Multiple Vulnerabilities (2.0.77) CVE-2015-1784 CVE-2015-1785 CWE-352 CWE-434 High

WordPress Plugin NextGEN Gallery Unspecified High Vulnerability (2.0.77.3)

WordPress Plugin NextGEN Smooth Gallery CWE-89 High 'galleryID' Parameter SQL Injection (1.2)

WordPress Plugin NextScripts:Social Networks CWE-79 High Auto-Poster Cross-Site Scripting (3.4.17)

WordPress Plugin Nextend Facebook Connect CVE-2014-8800 CWE-79 High Cross-Site Scripting (1.5.0)

WordPress Plugin Nextend Facebook Connect CVE-2015-4413 CWE-79 High Cross-Site Scripting (1.5.5)

WordPress Plugin Nextend Facebook Connect High Unspecified Vulnerability (1.5.7)

WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.0) CWE-79 High

WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.2) CVE-2015-4557 CWE-79 High

WordPress Plugin Nextend Twitter Connect Cross-Site Scripting (1.5.0) CWE-79 High

WordPress Plugin Nextend Twitter Connect Cross-Site Scripting (1.5.1) CVE-2015-4557 CWE-79 High

WordPress Plugin Nginx Helper Cross-Site Scripting CWE-79 High (1.8.9)

WordPress Plugin Ninja Announcements Lite CWE-89 High 'ninja_annc.php' SQL Injection (1.2.3)

WordPress Plugin Ninja Forms Cross-Site Request CWE-352 High Forgery (2.7.7)

WordPress Plugin Ninja Forms Cross-Site Scripting CVE-2014-8815 CWE-79 High (2.8.6)

WordPress Plugin Ninja Forms Cross-Site Scripting CWE-79 High (2.9.10)

WordPress Plugin Ninja Forms Cross-Site Scripting CWE-79 High (2.9.18)

WordPress Plugin Ninja Forms Cross-Site Scripting CWE-79 High (2.9.28)

WordPress Plugin Ninja Forms Cross-Site Scripting CWE-79 High (2.9.31)

WordPress Plugin Ninja Forms Multiple Cross-Site CVE-2015-2220 CWE-79 High Scripting Vulnerabilities (2.8.8)

WordPress Plugin Ninja Forms Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (2.9.21)

WordPress Plugin Ninja Forms SQL Injection CWE-89 High (2.9.29)

WordPress Plugin Ninja Forms Unspecified CVE-2014-9688 High Vulnerability (2.8.9)

WordPress Plugin Ninja Forms Unspecified High Vulnerability (2.9.24)

WordPress Plugin Nmedia MailChimp Widget CWE-94 High 'abs_path' Parameter Remote File Include (3.1)

WordPress Plugin Nmedia WordPress Member CVE-2012-3577 CWE-264 High Conversation 'doupload.php' Arbitrary File Upload (1.3)

WordPress Plugin Nokia Maps & Places Cross-Site CVE-2014-1750 CWE-79 High Scripting (1.6.6)

WordPress Plugin Notices Ticker Cross-Site Request CWE-352 High Forgery (5.0)

WordPress Plugin O2Tweet Cross-Site Request CVE-2014-9338 CWE-352 High Forgery (0.0.4)

WordPress Plugin OMFG Mobile Pro Cross-Site CVE-2014-4541 CWE-79 High Scripting (1.1.26)

WordPress Plugin OPS Old Post Spinner 'ops_file' CWE-22 High Parameter Local File Include (2.2.1)

WordPress Plugin Occasions Cross-Site Request CWE-352 High Forgery (1.0.4)

WordPress Plugin OdiHost Newsletter CWE-89 High 'openstat.php' SQL Injection (1.0)

WordPress Plugin Oleggo LiveStream Cross-Site CVE-2014-4540 CWE-79 High Scripting (0.2.6)

WordPress Plugin Olevmedia Shortcodes Cross-Site CWE-79 High Scripting (1.1.8)

WordPress Plugin Omni Secure Files 'upload.php' CWE-434 High Arbitrary File Upload (0.1.13)

WordPress Plugin Onclick show popup Cross-Site CWE-79 High Scripting (6.5)

WordPress Plugin OnePress Social Locker Multiple CWE-79 High Cross-Site Scripting Vulnerabilities (4.2.0)

WordPress Plugin OnePress Social Locker Multiple High Unspecified Vulnerabilities (4.2.5)

WordPress Plugin Ooorl Cross-Site Scripting (1.0.0) CVE-2014-4542 CWE-79 High

WordPress Plugin OptinMonster-Best WordPress CWE-264 High Popup and Lead Generation Security Bypass (1.1.4.5)

WordPress Plugin OptionTree Cross-Site Scripting CWE-79 High (2.5.3)

WordPress Plugin OptionTree Cross-Site Scripting CWE-79 High (2.5.5)

WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511 CVE-2012-6512 CWE-79 CWE-200 High

WordPress Plugin Our Team Showcase Cross-Site CVE-2014-9523 CWE-352 High Request Forgery (1.2)

WordPress Plugin P3 (Plugin Performance Profiler) CWE-79 High Cross-Site Scripting (1.5.3.8)

WordPress Plugin PAYPAL CURRENCY CONVERTER CWE-538 High BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)

WordPress Plugin PDF & Print Button Joliprint CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (1.3.0)

WordPress Plugin PDF & Print by BestWebSoft CWE-79 High Cross-Site Scripting (1.7.4)

WordPress Plugin PDW Media File Browser CWE-434 High 'upload.php' Arbitrary File Upload (1.1)

WordPress Plugin PG Flash Gallery Cross-Site CWE-79 High Scripting (4.1.1)

WordPress Plugin PHP Event Calendar for CWE-434 High WordPress Arbitrary File Upload (1.5)

WordPress Plugin PHP Speedy CWE-94 High 'admin_container.php' Remote PHP Code Execution (0.5.2)

WordPress Plugin PHPFreeChat 'url' Parameter CWE-79 High Cross-Site Scripting (0.2.8)

WordPress Plugin PICA Photo Gallery 'imgname' CWE-22 High Parameter Information Disclosure (1.0)

WordPress Plugin PICA Photo Gallery CWE-434 High 'picaPhotosResize.php' Arbitrary File Upload (1.0)

WordPress Plugin PICA Photo Gallery SQL Injection CWE-89 High (1.0)

WordPress Plugin PIKLIST-Rapid development CWE-79 High framework Cross-Site Scripting (0.9.4.25)

WordPress Plugin PWG Random Cross-Site Request CVE-2014-9394 CWE-352 High Forgery (1.11)

WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4) CWE-79 High

WordPress Plugin Page Flip Image Gallery 'book_id' CVE-2008-5752 CWE-22 High Parameter Remote File Disclosure (0.2.2)

WordPress Plugin Page Restrict Cross-Site Scripting CWE-79 High (2.2.1)

WordPress Plugin Page Restrict Open Redirect CWE-601 High (2.2.3)

WordPress Plugin Page Showcaser Boxes Cross-Site CWE-79 High Scripting (1.1)

WordPress Plugin Paid Business Listings Blind SQL CWE-89 High Injection (1.0.2)

WordPress Plugin Paid Downloads 'download_key' CWE-89 High Parameter SQL Injection (2.01)

WordPress Plugin Paid Memberships Pro CWE-538 High 'memberslist-csv.php' Information Disclosure (1.4.9)

WordPress Plugin Paid Memberships Pro Directory CVE-2014-8801 CWE-22 High Traversal (1.7.14.2)

WordPress Plugin Paid Memberships Pro Multiple CVE-2015-5532 CWE-79 High Cross-Site Scripting Vulnerabilities (1.8.4.2)

WordPress Plugin Participants Database SQL CVE-2014-3961 CWE-89 High Injection (1.5.4.8)

WordPress Plugin Password Protected Open CWE-601 High Redirect (1.4)

WordPress Plugin Password Protected Unspecified High Vulnerability (2.0)

WordPress Plugin Pay Per Media Player Multiple CVE-2014-4543 CWE-79 High Cross-Site Scripting Vulnerabilities (1.24)

WordPress Plugin Pay With Tweet SQL Injection CVE-2012-5349 CVE-2012-5350 CWE-89 High and Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin PayPal Digital Goods powered by CVE-2013-1808 CWE-79 High Cleeng Cross-Site Scripting (2.2.13)

WordPress Plugin PayPal WP Button Manager SQL CWE-89 High Injection (0.1.1)

WordPress Plugin Payment Form for PayPal Pro CVE-2015-7666 CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

WordPress Plugin Payment Gateways Caller for WP CWE-22 High e-Commerce Local File Inclusion (0.1)

WordPress Plugin Persian Woocommerce SMS CWE-79 High Cross-Site Scripting (3.3.2)

WordPress Plugin Peter's Math Anti-Spam Audio CVE-2008-7216 CWE-264 High CAPTCHA Security Bypass (0.1.6)

WordPress Plugin Photo Gallery Arbitrary File CVE-2014-9312 CWE-434 High Upload (1.2.5)

WordPress Plugin Photo Gallery Cross-Site Scripting CVE-2015-2324 CWE-79 High (1.2.12)

WordPress Plugin Photo Gallery Multiple Cross-Site CVE-2014-6315 CWE-79 High Scripting Vulnerabilities (1.1.30)

WordPress Plugin Photo Gallery Multiple Vulnerabilities (1.2.9) CVE-2015-1393 CVE-2015-1394 CWE-79 CWE-89 High

WordPress Plugin Photo Gallery SQL Injection CVE-2015-1055 CWE-89 High (1.2.7)

WordPress Plugin PhotoSmash Galleries 'action' CVE-2011-5307 CWE-79 High Parameter Cross-Site Scripting (1.0.2)

WordPress Plugin PhotoSmash Galleries Arbitrary CWE-434 High File Upload (1.0.7)

WordPress Plugin PhotoXhibit Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (2.1.8)

WordPress Plugin Photocart Link Local File CWE-22 High Inclusion (1.6)

WordPress Plugin Photoracer 'id' Parameter SQL CVE-2009-2122 CWE-89 High Injection (1.0)

WordPress Plugin Photoracer Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0) CWE-79 CWE-89 High

WordPress Plugin PictPress 'resize.php' Multiple CVE-2007-6369 CWE-22 High Local File Include Vulnerabilities (1.0)

WordPress Plugin PictoBrowser Cross-Site Request CVE-2014-9392 CWE-352 High Forgery (0.3.1)

WordPress Plugin Picturesurf Gallery 'upload.php' CWE-434 High Arbitrary File Upload (1.2)

WordPress Plugin Pie Register Cross-Site Scripting CWE-79 High (2.0.14)

WordPress Plugin Pie Register Multiple Cross-Site CVE-2013-4954 CWE-79 High Scripting Vulnerabilities (1.30)

WordPress Plugin Pie Register Multiple Vulnerabilities (2.0.15) CWE-89 CWE-287 High

WordPress Plugin Pie Register Multiple Vulnerabilities (2.0.18) CVE-2015-7377 CVE-2015-7682 CWE-79 CWE-89 High

WordPress Plugin Pie Register Security Bypass CVE-2014-8802 CWE-264 High (2.0.13)

WordPress Plugin Pierre's Wordspew CWE-89 High 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)

WordPress Plugin Pinpoint Booking System CVE-2014-3210 CWE-89 High (+WooCommerce) SQL Injection (1.2)

WordPress Plugin Pinpoint Booking System CWE-89 High (+WooCommerce) SQL Injection (2.0)

WordPress Plugin Pinterest 'Pin It' Button Multiple High Unspecified Vulnerabilities (1.3.1)

WordPress Plugin Pixabay Images Multiple Vulnerabilities (2.3) CVE-2015-1365 CVE-2015-1366 CVE-2015-1375 CVE-2015-1376 CWE-22 CWE-79 CWE-434 CWE-592 High

WordPress Plugin Platinum SEO Pack Cross-Site CVE-2013-5918 CWE-79 High Scripting (1.3.7)

WordPress Plugin Plotly Cross-Site Scripting (1.0.2) CVE-2015-5484 CWE-79 High

WordPress Plugin Plug-N-Edit Full Drag & Drop CWE-79 High HTML Visual Editor with Web Page Builder WYSIWYG Cross-Site Scripting (5.2.0)

WordPress Plugin Plugin Central Multiple Cross-Site CWE-79 High Scripting Vulnerabilities (2.5)

WordPress Plugin Plugin:Newsletter 'data' CVE-2012-3588 CWE-22 High Parameter Information Disclosure (1.5)

WordPress Plugin Plugmatter Optin Feature Box CWE-89 High Multiple SQL Injection Vulnerabilities (2.0.13)

WordPress Plugin Podcast Channels Cross-Site CVE-2014-4544 CWE-79 High Scripting (0.20)

WordPress Plugin Pods-Custom Content Types and Fields Multiple Vulnerabilities (2.4.3) CVE-2014-7956 CVE-2014-7957 CWE-79 CWE-352 High

WordPress Plugin Pods-Custom Content Types and CWE-89 High Fields SQL Injection (2.5.1.1)

WordPress Plugin Polldaddy Polls & Ratings Cross-Site Request Forgery (2.0.20) CWE-352 High

WordPress Plugin Polldaddy Polls & Ratings Cross-Site Scripting (2.0.24) CVE-2014-4856 CWE-79 High

WordPress Plugin Polldaddy Polls & Ratings High Unspecified Vulnerability (2.0.25)

WordPress Plugin Polylang Cross-Site Scripting CVE-2014-4855 CWE-79 High (1.5.1)

WordPress Plugin Pondol Form to Mail Cross-Site CWE-79 High Scripting (1.1)

WordPress Plugin Popular Posts TimThumb CWE-434 High Arbitrary File Upload (2.1.4)

WordPress Plugin Portable phpMyAdmin CVE-2012-5469 CWE-264 High Authentication Bypass (1.3.0)

WordPress Plugin Portfolio Cross-Site Request CVE-2015-6523 CWE-352 High Forgery (1.0)

WordPress Plugin Portfolio Gallery Cross-Site CWE-79 High Scripting (1.5.7)

WordPress Plugin Portfolio by BestWebSoft CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (2.27)

WordPress Plugin Post Connector Cross-Site CWE-79 High Scripting (1.0.3)

WordPress Plugin Post Expirator Multiple Vulnerabilities (2.1.1) CWE-79 CWE-352 High

WordPress Plugin Post Lists View Custom Cross-Site Scripting (1.7.1) CWE-79 High

WordPress Plugin Post Recommendations for CWE-94 High WordPress 'api.php' Remote File Include (1.1.2)

WordPress Plugin Post Thumbnail Editor Multiple CWE-352 High Cross-Site Request Forgery Vulnerabilities (2.4.1)

WordPress Plugin Post to Twitter Cross-Site CVE-2014-9393 CWE-352 High Request Forgery (0.7)

WordPress Plugin Post video players, slideshow CWE-79 High albums, photo galleries and music/podcast playlist Cross-Site Scripting (1.136)

WordPress Plugin Postie 'From' Field Cross-Site CVE-2012-2580 CWE-79 High Scripting (1.4.3)

WordPress Plugin Postmatic-Post and comment CWE-79 High subscriptions that invite you to hit reply Cross-Site Scripting (1.4.5)

WordPress Plugin Powerhouse Museum Collection CWE-79 High Image Grid 'tbpv_username' Parameter Cross-Site Scripting (0.9.1.1)

WordPress Plugin Powerplay Gallery 'upload.php' CWE-434 High Arbitrary File Upload (3.2)

WordPress Plugin Powerplay Gallery Multiple Vulnerabilities (3.3) CVE-2015-5599 CVE-2015-5681 CVE-2015-5682 CWE-89 CWE-434 High

WordPress Plugin Premium SEO Pack Multiple Vulnerabilities (1.8.0) CWE-434 CWE-538 High

WordPress Plugin Pretty Link Lite 'pretty-bar.php' CWE-79 High Cross-Site Scripting (1.5.2)

WordPress Plugin Pretty Link Lite 'slug' Parameter CVE-2011-5192 CWE-79 High Cross-Site Scripting (1.5.5)

WordPress Plugin Pretty Link Lite Cross-Site CWE-79 High Scripting (1.6.0)

WordPress Plugin Pretty Link Lite Cross-Site CVE-2013-1636 CWE-79 High Scripting (1.6.2)

WordPress Plugin Pretty Link Lite Multiple Cross-Site Scripting Vulnerabilities (1.4.56) CWE-79 High

WordPress Plugin Pretty Link Lite Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.5.2) CWE-79 CWE-89 High

WordPress Plugin Pretty Link Lite Multiple SQL CWE-89 High Injection Vulnerabilities (1.4.56)

WordPress Plugin Pretty Link Lite Multiple High Unspecified Vulnerabilities (1.6.3)

WordPress Plugin Pretty Link Lite SQL Injection CWE-89 High (1.6.7)

WordPress Plugin Print Friendly and PDF Button CWE-79 High Multiple Cross-Site Scripting Vulnerabilities (3.3.7)

WordPress Plugin Private Only Multiple Vulnerabilities (3.5.1) CVE-2015-5483 CWE-79 CWE-352 High

WordPress Plugin Pro Quoter Multiple Cross-Site CVE-2014-4545 CWE-79 High Scripting Vulnerabilities (1.0)

WordPress Plugin ProPlayer 'pp_playlist_id' CWE-89 High Parameter SQL Injection (4.7.7)

WordPress Plugin ProPlayer SQL Injection (4.7.9.1) CWE-89 High

WordPress Plugin Processing Embed 'pluginurl' CVE-2010-4747 CWE-79 High Parameter Cross-Site Scripting (0.5)

WordPress Plugin Profile Builder 'key' Parameter CWE-264 High Security Bypass (1.1.24)

WordPress Plugin Profile Builder-front-end user CVE-2014-8492 CWE-79 High registration, login and edit profile Cross-Site Scripting (2.0.2)

WordPress Plugin Profile Builder-front-end user CWE-79 High registration, login and edit profile Cross-Site Scripting (2.2.4)

WordPress Plugin Profile Builder-front-end user CWE-79 High registration, login and edit profile Multiple Cross- Site Scripting Vulnerabilities (1.1.65)

WordPress Plugin Profile Builder-front-end user CWE-287 High registration, login and edit profile Security Bypass (1.1.59)

WordPress Plugin Profile Builder-front-end user High registration, login and edit profile Unspecified Vulnerability (2.1.3)

WordPress Plugin Profiles 'bio-img.php' SQL CWE-89 High Injection (2.0RC1)

WordPress Plugin PureHTML 'alter.php' SQL CWE-89 High Injection (1.0.0)

WordPress Plugin Qiniu Uploader Cross-Site CWE-79 High Scripting (0.1)

WordPress Plugin Qtranslate Slug Unspecified High Vulnerability (1.1.16)

WordPress Plugin Quartz SQL Injection (1.01.1) CVE-2014-5185 CWE-89 High

WordPress Plugin Query Interface Security Bypass CWE-701 High (1.1)

WordPress Plugin Question and Answer Forum CWE-79 High 'title' Variable Cross-Site Scripting (1.2.4)

WordPress Plugin Quick Cache (Speed Without Compromise) Unspecified Vulnerability (140725) High

WordPress Plugin Quick Contact Form Cross-Site Scripting (6.0) CWE-79 High

WordPress Plugin Quick Page/Post Redirect Cross-Site Request Forgery (5.0.4) CVE-2014-2598 CWE-352 High

WordPress Plugin Quick Page/Post Redirect Open Redirect (5.1.5) CWE-601 High

WordPress Plugin Quick Paypal Payments Cross-Site Scripting (3.0) CWE-79 High

WordPress Plugin Quick Post Widget Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.9.1) CVE-2012-4226 CWE-79 CWE-352 High

WordPress Plugin Quiz And Survey Master (Formerly Quiz Master Next) Multiple SQL Injection Vulnerabilities (4.4.2) CWE-89 High

WordPress Plugin Quiz And Survey Master (Formerly Quiz Master Next) Multiple SQL Injection Vulnerabilities (4.4.3) CWE-89 High

WordPress Plugin Quotes Collection Cross-Site Request Forgery (1.5.5.1) CWE-352 High

WordPress Plugin Quotes and Tips by BestWebSoft Cross-Site Scripting (1.19) CWE-79 High

WordPress Plugin RBX Gallery 'uploader.php' Arbitrary File Upload (2.1) CVE-2012-3575 CWE-434 High

WordPress Plugin RSS Feed Reader 'rss_url' Parameter Cross-Site Scripting (0.1) CVE-2011-0740 CWE-79 High

WordPress Plugin RSS Includes Pages and Custom Post Types Unspecified Vulnerability (3.1) High

WordPress Plugin RSS Post Importer Cross-Site Scripting (2.2.1) CWE-79 High

WordPress Plugin RSVPmaker Cross-Site Scripting (2.5.4) CWE-79 High

WordPress Plugin Random Banner Cross-Site Scripting (1.1.2.1) CVE-2014-4847 CWE-79 High

WordPress Plugin Random image gallery with pretty photo zoom Cross-Site Scripting (7.4) CWE-79 High

WordPress Plugin Rating-Widget:Star Rating System Multiple Cross-Site Scripting Vulnerabilities (1.3.1) CWE-79 High

WordPress Plugin ReFlex Gallery 'php.php' Arbitrary File Upload (1.4.6) CWE-434 High

WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3) CVE-2015-4133 CWE-434 High

WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4) CWE-79 High

WordPress Plugin Ready! Ecommerce Shopping Cart Multiple Cross-Site Request Forgery Vulnerabilities (0.5.0) CWE-352 High

WordPress Plugin Real Estate Website Builder 'ajax_action' Parameter Cross-Site Scripting (0.1.0) CWE-79 High

WordPress Plugin Real WYSIWYG 'insert_file.php' Arbitrary File Upload (0.0.2) CWE-434 High

WordPress Plugin Really Easy Slider TimThumb Arbitrary File Upload (0.1) CVE-2011-4106 CWE-20 High

WordPress Plugin Really Simple Guest Post Local File Inclusion (1.0.6) CWE-22 High

WordPress Plugin Really Simple Share Cross-Site Request Forgery (2.9.9) CWE-352 High

WordPress Plugin Really Simple Share Unspecified Vulnerability (4.3.6) High

WordPress Plugin Recent Backups Arbitrary File Download (0.7) CWE-22 High

WordPress Plugin Recip.ly 'uploadImage.php' Arbitrary File Upload (1.1.7) CWE-434 High

WordPress Plugin Recipes Writer Cross-Site Scripting (1.0.4) CWE-79 High

WordPress Plugin Recommend to a friend Cross-Site Scripting (2.0.2) CVE-2013-7276 CWE-79 High

WordPress Plugin Redirection 'id' Parameter Cross-Site Scripting (2.2.8) CWE-79 High

WordPress Plugin Redirection HTTP Referrer Header HTML Injection (2.2.9) CVE-2011-4562 CWE-79 High

WordPress Plugin Redirection Multiple Cross-Site Scripting Vulnerabilities (2.2.11) CWE-79 High

WordPress Plugin Redirection Page Multiple Vulnerabilities (1.2) CVE-2015-1580 CWE-79 CWE-352 High

WordPress Plugin Register Plus 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities (3.5.1) CVE-2010-4402 CWE-79 High

WordPress Plugin Register Plus Redux 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities (3.6.1) CWE-79 High

WordPress Plugin Rekt Slideshow TimThumb Arbitrary File Upload (1.0.5) CVE-2011-4106 CWE-20 High

WordPress Plugin Related Posts Cross-Site Request Forgery (2.7.1) CVE-2013-3257 CWE-352 High

WordPress Plugin Related Posts Lite Security Bypass (1.1) CWE-264 High

WordPress Plugin Related Posts Multiple Cross-Site Request Forgery Vulnerabilities (1.0) CVE-2011-0760 CWE-352 High

WordPress Plugin Related Posts by Zemanta Cross-Site Request Forgery (1.3.1) CVE-2013-3477 CWE-352 High

WordPress Plugin Related Posts for WordPress Cross-Site Scripting (1.8.1) CWE-79 High

WordPress Plugin Related Sites 'guid' Parameter SQL Injection (2.1) CVE-2009-2383 CWE-89 High

WordPress Plugin Relevanssi-A Better Search 'Seach Query' Field HTML Injection (2.7.2) CWE-79 High

WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (3.3.7.1) CVE-2014-9443 CWE-79 High

WordPress Plugin Relevanssi-A Better Search SQL Injection (3.2) CWE-89 High

WordPress Plugin Relevant-Related Posts by BestWebSoft Cross-Site Scripting (1.0.7) CWE-79 High

WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14) CVE-2012-1205 CWE-94 High

WordPress Plugin Rent-A-Car TimThumb Arbitrary File Upload (1.0) CVE-2011-4106 CWE-20 High

WordPress Plugin ResAds Multiple Cross-Site Scripting Vulnerabilities (1.0.1) CVE-2015-7667 CWE-79 High

WordPress Plugin Responsive Category Slider Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Responsive Lightbox by dFactory Cross-Site Scripting (1.4.11) CWE-79 High

WordPress Plugin Responsive Logo Slideshow Cross-Site Scripting (1.0) CVE-2013-1759 CWE-79 High

WordPress Plugin Restricted Site Access Unspecified Vulnerability (2.0) High

WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.1) CWE-434 High

WordPress Plugin Revive Old Post (Former Tweet Old Post) 'cat' Parameter SQL Injection (3.2.5) CWE-89 High

WordPress Plugin Revive Old Post (Former Tweet Old Post) Security Bypass (6.9.3) CWE-264 High

WordPress Plugin Rezgo Cross-Site Scripting (1.4.2) CVE-2014-4546 CWE-79 High

WordPress Plugin Rezgo Online Booking Cross-Site Scripting (1.8.6) CWE-79 High

WordPress Plugin Rezgo Online Booking Multiple Cross-Site Scripting Vulnerabilities (1.8) CVE-2014-4547 CWE-79 High

WordPress Plugin Rich Counter Cross-Site Scripting (1.1.5) CWE-79 High

WordPress Plugin Rich Widget Arbitrary File Upload (0.2.4) CWE-434 High

WordPress Plugin Robo Gallery-Photo Gallery and Images Gallery Multiple Unspecified Vulnerabilities (1.7.3) High

WordPress Plugin Robo Gallery-Photo Gallery and Images Gallery Remote Code Execution (2.0.14) CWE-94 High

WordPress Plugin RocketTheme RokBox 'jwplayer.swf' Cross-Site Scripting (2.11) CWE-79 High

WordPress Plugin RocketTheme RokBox Multiple Vulnerabilities (2.13) CWE-79 CWE-200 CWE-434 High

WordPress Plugin Rockhoist Ratings SQL Injection (1.2.1) CWE-89 High

WordPress Plugin RokIntroScroller Multiple Vulnerabilities (1.8) CWE-79 CWE-434 High

WordPress Plugin RokMicroNews Multiple Vulnerabilities (1.5) CWE-79 CWE-434 High

WordPress Plugin RokNewsPager Multiple Vulnerabilities (1.17) CWE-79 CWE-434 High

WordPress Plugin RokStories Multiple Vulnerabilities (1.25) CWE-79 CWE-434 High

WordPress Plugin Role Scoper Cross-Site Scripting (1.3.64) CWE-79 High

WordPress Plugin Role Scoper Cross-Site Scripting (1.3.66) CVE-2015-8353 CWE-79 High

WordPress Plugin Roomcloud Multiple Cross-Site Scripting Vulnerabilities (1.1) CVE-2015-3904 CWE-79 High

WordPress Plugin Royal Gallery 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin Royal Gallery Cross-Site Scripting (2.0) CWE-79 High

WordPress Plugin RoyalSlider Cross-Site Scripting (3.2.4) CWE-79 High

WordPress Plugin RoyalSlider Cross-Site Scripting (3.2.6) CWE-79 High

WordPress Plugin Ruben Boelinger WP-Table 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43) CVE-2007-2483 CVE-2007-2484 CWE-94 High

WordPress Plugin Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43) CVE-2007-2481 CVE-2007-2482 CWE-94 High

WordPress Plugin Ruven Toolkit Cross-Site Scripting (1.1) CVE-2014-4548 CWE-79 High

WordPress Plugin S3 Video Cross-Site Scripting (0.97) CWE-79 High

WordPress Plugin S3 Video Cross-Site Scripting (0.982) CVE-2013-7279 CWE-79 High

WordPress Plugin S3 Video Cross-Site Scripting (0.983) CWE-79 High

WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) CWE-22 High

WordPress Plugin SB Uploader Arbitrary File Upload (3.2) CWE-20 High

WordPress Plugin SB Uploader Arbitrary File Upload (4.1) CWE-434 High

WordPress Plugin SB Welcome Email Editor Unspecified Vulnerability (4.1) High

WordPress Plugin SCORM Cloud For WordPress 'ajax.php' SQL Injection (1.0.6.6) CVE-2011-5216 CWE-89 High

WordPress Plugin SE HTML5 Album Audio Player Directory Traversal (1.1.0) CVE-2015-4414 CWE-22 High

WordPress Plugin SEO Friendly Images Cross-Site Scripting (3.0.4) CWE-79 High

WordPress Plugin SEO Plugin LiveOptim Multiple Vulnerabilities (1.1.8-free) CVE-2014-100001 CWE-79 CWE-352 High

WordPress Plugin SEO Rank Reporter Cross-Site Scripting (2.2.2) CWE-79 High

WordPress Plugin SEO Redirection Multiple Cross-Site Scripting Vulnerabilities (2.8) CWE-79 High

WordPress Plugin SEO SearchTerms Tagging 2 Multiple Vulnerabilities (1.535) CWE-79 CWE-89 High

WordPress Plugin SEO Tools 'file' Parameter Directory Traversal (3.1.7) CWE-22 High

WordPress Plugin SEO Ultimate 'wp-admin/post.php' Cross-Site Scripting (6.9.1) CWE-79 High

WordPress Plugin SEO Ultimate Cross-Site Scripting (7.6.5.2) CWE-79 High

WordPress Plugin SFBrowser 'sfbrowser.php' Arbitrary File Upload (1.4.5) CWE-434 High

WordPress Plugin SH Slideshow 'ajax.php' SQL Injection (3.1.4) CWE-89 High

WordPress Plugin SI CAPTCHA Anti-Spam Cross-Site Scripting (2.7.5) CVE-2014-5190 CWE-79 High

WordPress Plugin SL User Create Information Disclosure (0.2.4) CWE-200 High

WordPress Plugin SP Project & Document Manager Multiple SQL Injection Vulnerabilities (2.4.3) CVE-2014-9178 CWE-89 High

WordPress Plugin SP Project & Document Manager Multiple Vulnerabilities (2.5.9.7) CWE-79 CWE-89 CWE-200 CWE-434 High

WordPress Plugin SP Project & Document Manager SQL Injection (2.5.3) CWE-89 High

WordPress Plugin SP Project & Document Manager Unspecified Vulnerability (2.5.7.3) High

WordPress Plugin SP Project & Document Manager Unspecified Vulnerability (2.5.8.0) High

WordPress Plugin SPNbabble Cross-Site Request Forgery (1.4.1) CVE-2014-9339 CWE-352 High

WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3) CWE-352 CWE-538 High

WordPress Plugin SS Downloads Multiple Cross-Site Scripting Vulnerabilities (1.4.4.1) CVE-2014-4554 CWE-79 High

WordPress Plugin SS Quiz Cross-Site Request Forgery and Access Security Bypass Vulnerabilities (1.11) CWE-264 CWE-352 High

WordPress Plugin SS Quiz Multiple Unspecified Vulnerabilities (1.12) High

WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0) CWE-200 High

WordPress Plugin STT2 Extension Add Terms Unspecified Vulnerability (1.0.2) High

WordPress Plugin Sabre 'tools.php' Cross-Site Scripting (1.2.0) CVE-2012-2916 CWE-79 High

WordPress Plugin Safe Redirect Manager SQL Injection (1.7.7) CWE-89 High

WordPress Plugin Schreikasten 'name' or 'contact' Field Cross-Site Scripting (0.14.13) CWE-79 High

WordPress Plugin Search Bigger with WPSOLR Cross-Site Scripting (7.6) CWE-79 High

WordPress Plugin Search Everything Cross-Site Request Forgery (8.1) CVE-2014-3843 CWE-352 High

WordPress Plugin Search Everything SQL Injection (7.0.2) CVE-2014-2316 CWE-89 High

WordPress Plugin Search Unleashed 'Log' Function HTML Injection (0.2.10) CWE-79 High

WordPress Plugin Search and Share Cross-Site Scripting (0.9.3) CWE-79 High

WordPress Plugin SearchAutocomplete 'tags.php' SQL Injection (1.0.8) CWE-89 High

WordPress Plugin Secure HTML5 Video Player Cross-Site Scripting (3.3) CWE-79 High

WordPress Plugin SecureMoz Security Audit PHP Object Injection (1.0.5) CVE-2015-6828 CWE-915 High

WordPress Plugin Securimage-WP Cross-Site Scripting (3.2.4) CWE-79 High

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1) CVE-2014-9511 CWE-538 High

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17) CWE-22 High

WordPress Plugin SendPress Newsletters Multiple Vulnerabilities (1.1.7.21) CWE-79 CWE-89 High

WordPress Plugin SendPress Newsletters Security Bypass (1.2.10.20) CWE-264 High

WordPress Plugin Sender by BestWebSoft Multiple Vulnerabilities (0.7) CWE-79 CWE-352 High

WordPress Plugin Sendit Newsletter 'id' Parameter SQL Injection (2.1.0) CWE-89 High

WordPress Plugin Sendit Newsletter 'submit.php' Blind SQL Injection (1.5.9) CWE-89 High

WordPress Plugin Seriously Simple Podcasting Cross-Site Scripting (1.9.4) CWE-79 High

WordPress Plugin Sermon Browser Cross-Site Scripting and SQL Injection Vulnerabilities (0.43) CWE-79 CWE-89 High

WordPress Plugin Sexy Add Template Cross-Site Request Forgery (1.0) CWE-352 High

WordPress Plugin Share Buttons by AddThis Backdoor (2.1.2) CWE-95 High

WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (5.0.12) CWE-79 High

WordPress Plugin Share and Follow 'admin.php' Cross-Site Scripting (1.80.3) CVE-2012-2917 CWE-79 High

WordPress Plugin ShareThis:Share Buttons and Social Analytics Cross-Site Request Forgery (7.0.5) CVE-2013-3479 CWE-352 High

WordPress Plugin ShareYourCart Information Disclosure (1.6.1) CVE-2012-4332 CWE-200 High

WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Request Forgery (6.1.4.1) CVE-2013-3256 CWE-352 High

WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Request Forgery (7.0.3.3) CWE-352 High

WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Scripting (7.6.0.9) CVE-2014-9311 CWE-79 High

WordPress Plugin Sharebar Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1) CWE-79 CWE-89 High

WordPress Plugin Sharebar Multiple Vulnerabilities (1.2.5) CVE-2013-3491 CWE-79 CWE-352 High

WordPress Plugin Shariff for WordPress Cross-Site Scripting (1.0.7) CWE-79 High

WordPress Plugin Shopp Multiple Vulnerabilities (1.0.17) CWE-79 CWE-200 CWE-434 High

WordPress Plugin Shopping Cart Multiple SQL Injection and Arbitrary File Upload Vulnerabilities (8.1.14) CWE-89 CWE-434 High

WordPress Plugin Shortcode Ninja Cross-Site Scripting (1.4) CVE-2014-4550 CWE-79 High

WordPress Plugin Shortcode Redirect 'domain' Parameter Cross-Site Scripting (1.0.01) CVE-2012-5325 CWE-79 High

WordPress Plugin Shortcodes Ultimate Multiple Vulnerabilities (4.9.3) CWE-79 CWE-352 High

WordPress Plugin Showbiz Pro Responsive Teaser Arbitrary File Upload (1.7.1) CWE-434 High

WordPress Plugin Sidebar Login Cross-Site Scripting (2.3.6) CWE-79 High

WordPress Plugin Sidekick Multiple Unspecified Vulnerabilities (2.2.1) High

WordPress Plugin Simpel Reserveren 3 Cross-Site Scripting (3.5.2) CWE-79 High

WordPress Plugin Simple 301 Redirects Multiple Unspecified Vulnerabilities (1.05) High

WordPress Plugin Simple Ads Manager Arbitrary File Upload (2.5.94) CVE-2015-2825 CWE-434 High

WordPress Plugin Simple Ads Manager Denial of Service (2.9.3.114) CWE-400 High

WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96) CVE-2015-2824 CVE-2015-2826 CWE-89 CWE-200 High

WordPress Plugin Simple Ads Manager SQL Injection (2.9.4.116) CWE-89 High

WordPress Plugin Simple Backup Arbitrary File Download (2.7.10) CWE-538 High

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0) CWE-22 High

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.2.8) CWE-200 CWE-264 High

WordPress Plugin Simple Dropbox Upload Arbitrary File Upload (1.8.8) CVE-2013-5963 CWE-434 High

WordPress Plugin Simple Fields Cross-Site Scripting (1.4.10) CWE-79 High

WordPress Plugin Simple Flash Video Cross-Site Scripting (1.7) CWE-79 High

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3) CVE-2012-6313 CWE-200 High

WordPress Plugin Simple History Information Disclosure (1.0.7) CWE-200 High

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0) CWE-538 High

WordPress Plugin Simple Image Sizes Unspecified Vulnerability (2.2.4) High

WordPress Plugin Simple Login Log Multiple Vulnerabilities (0.9.3) CWE-79 CWE-89 High

WordPress Plugin Simple Page Ordering Cross-Site Scripting (2.2.1) CWE-79 High

WordPress Plugin Simple Photo Gallery SQL Injection (1.7.9) CWE-89 High

WordPress Plugin Simple Retail Menus SQL Injection (4.0.1) CVE-2014-5183 CWE-89 High

WordPress Plugin Simple Security Multiple Cross-Site Scripting Vulnerabilities (1.1.5) CVE-2014-9570 CWE-79 High

WordPress Plugin Simple Share Buttons Adder Cross-Site Scripting (5.6) CWE-79 High

WordPress Plugin Simple Share Buttons Adder Multiple Vulnerabilities (4.4) CVE-2014-4717 CWE-79 CWE-352 High

WordPress Plugin Simple Sitemap Unspecified Vulnerability (1.53) High

WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0) CWE-434 High

WordPress Plugin Simple Slider 'New Image' Field Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Simple Slideshow Manager Multiple Unspecified Vulnerabilities (2.1) High

WordPress Plugin Simple Sticky Footer Cross-Site Request Forgery (1.3.2) CVE-2014-9454 CWE-352 High

WordPress Plugin Simple visitor stat Cross-Site Scripting (1.0) CVE-2014-9453 CWE-79 High

WordPress Plugin Simple:Press 'sf-header-forum.php' SQL Injection (4.3.0) CWE-89 High

WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2) CWE-264 CWE-434 High

WordPress Plugin SimpleFlickr Cross-Site Request Forgery (3.0.3) CVE-2014-9396 CWE-352 High

WordPress Plugin Simplelife Cross-Site Request Forgery (1.2) CVE-2014-9395 CWE-352 High

WordPress Plugin Simplified Content Cross-Site Scripting (1.0.0) CWE-79 High

WordPress Plugin Simply Instagram Cross-Site Scripting (1.2.6) CWE-79 High

WordPress Plugin Simply Poll Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.4.1) CWE-79 CWE-352 High

WordPress Plugin Site Import Remote File Inclusion (1.0.1) CWE-98 High

WordPress Plugin Skysa App Bar Integration 'submit' Parameter Cross-Site Scripting (1.03) CVE-2011-5179 CWE-79 High

WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Multiple Cross-Site Scripting Vulnerabilities (2.1.20130228) CVE-2013-1808 CWE-79 High

WordPress Plugin Slider Multiple Vulnerabilities (2.7.5) CWE-73 CWE-79 CWE-352 High

WordPress Plugin Slider Revolution Responsive Arbitrary File Upload (3.0.95) CWE-434 High

WordPress Plugin Slider Revolution Responsive Local File Inclusion (4.1.4) CWE-22 High

WordPress Plugin Slider SQL Injection (2.6.8) CVE-2015-2062 CWE-89 High

WordPress Plugin Slider SQL Injection (2.8.6) CWE-89 High

WordPress Plugin Slider WD Unspecified Vulnerability (1.1.9) High

WordPress Plugin Slideshow Gallery 2 'border' Parameter Cross-Site Scripting (1.1.4) CVE-2012-5229 CWE-79 High

WordPress Plugin Slideshow Information Disclosure (2.2.21) CVE-2015-3634 CWE-200 High

WordPress Plugin Slideshow Multiple Cross-Site Scripting Vulnerabilities (2.1.14) CWE-79 High

WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12) CWE-79 CWE-200 High

WordPress Plugin Slideshow Pro 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin Sliding Recent Posts Cross-Site Request Forgery (1.0) CWE-352 High

WordPress Plugin Sliding Social Icons Cross-Site Request Forgery (1.61) CVE-2014-9437 CWE-352 High

WordPress Plugin Smart Flv 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities (1.0) CVE-2013-1765 CWE-79 High

WordPress Plugin Smart Forms Cross-Site Scripting (2.1.0) CVE-2014-8803 CWE-79 High

WordPress Plugin Smart Layers by AddThis Unspecified Vulnerability (1.0.1) High

WordPress Plugin Smart Manager for WooCommerce & WPeC SQL Injection (3.9.6) CWE-89 High

WordPress Plugin Smart Slider 2 Multiple Cross-Site Scripting Vulnerabilities (2.3.11) CWE-79 High

WordPress Plugin Smart Slideshow 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin Smooth Slider SQL Injection (2.6.5) CWE-89 High

WordPress Plugin SnapApp Multiple Cross-Site Scripting Vulnerabilities (1.5) CVE-2014-4596 CWE-79 High

WordPress Plugin Snazzy Archives Cross-Site Scripting (1.7.1) CWE-79 High

WordPress Plugin Sniplets Multiple Input Validation Vulnerabilities (1.2.2) CVE-2008-1059 CVE-2008-1060 CVE-2008-1061 CWE-79 CWE-94 CWE-95 High

WordPress Plugin Social Connect Cross-Site Scripting (1.0.4) CVE-2014-4551 CWE-79 High

WordPress Plugin Social Count Plus Cross-Site Scripting (3.0.2) CWE-79 High

WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1) CWE-94 CWE-200 High

WordPress Plugin Social Essentials-Social Stats and Sharing Buttons Cross-Site Scripting (1.3.1) CWE-79 High

WordPress Plugin Social Hashtags Cross-Site Scripting (3.0.0) CWE-79 High

WordPress Plugin Social Media Unspecified Vulnerability (1.4) High

WordPress Plugin Social Media Widget Serving Spam (4.0) CVE-2013-1949 CWE-20 High

WordPress Plugin Social Media Widget by Acurax Cross-Site Scripting (2.2) CWE-79 High

WordPress Plugin Social Media and Share Icons (Ultimate Social Media) Cross-Site Scripting (1.1.1.11) CWE-79 High

WordPress Plugin Social Media and Share Icons (Ultimate Social Media) Multiple Unspecified Vulnerabilities (1.2.1) High

WordPress Plugin Social Share Button Cross-Site Scripting (2.1) CWE-79 High

WordPress Plugin Social Sharing Toolkit Cross-Site Scripting (2.1.1) CVE-2013-6280 CWE-79 High

WordPress Plugin Social Slider 'rA[]' Parameter SQL Injection (5.6.5) CVE-2011-5286 CWE-89 High

WordPress Plugin SocialFit 'msg' Parameter Cross-Site Scripting (1.2.2) CWE-79 High

WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3) CWE-79 High

WordPress Plugin SodaHead Polls Multiple Cross-Site Scripting Vulnerabilities (2.0.2) CVE-2011-5304 CWE-79 High

WordPress Plugin Solve Media CAPTCHA Cross-Site Request Forgery (1.1.0) CWE-352 High

WordPress Plugin SoundCloud Is Gold 'width' Parameter Cross-Site Scripting (2.1) CVE-2012-6624 CWE-79 High

WordPress Plugin SoundCloud Is Gold Cross-Site Scripting (2.3.1) CWE-79 High

WordPress Plugin Soundy Background Music Cross-Site Scripting (3.1) CWE-79 High

WordPress Plugin Spam Free WordPress Security Bypass (1.9.2) CWE-264 High

WordPress Plugin SpamBam Key Calculation Security Bypass (2.1) CWE-264 High

WordPress Plugin Special Text Boxes Arbitrary File Upload (5.1.90) CWE-434 High

WordPress Plugin Spellchecker 'general.php' Local and Remote File Include Vulnerabilities (3.1) CWE-22 CWE-94 High

WordPress Plugin Spicy Blogroll Local File Include (1.0.0) CWE-22 High

WordPress Plugin Spider Calendar Cross-Site Scripting (1.1.0) CWE-79 High

WordPress Plugin Spider Calendar Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.1) CWE-79 CWE-89 High

WordPress Plugin Spiffy XSPF Player SQL Injection (0.1) CVE-2013-3530 CWE-89 High

WordPress Plugin Spotlight Cross-Site Scripting (4.7) CVE-2014-4552 CWE-79 High

WordPress Plugin Spreadsheet (wpSS) 'ss_id' Parameter SQL Injection (0.61) CVE-2008-1982 CWE-89 High

WordPress Plugin Spreadsheet (wpSS) Cross-Site Scripting (0.62) CVE-2014-8364 CWE-79 High

WordPress Plugin Spreadsheet (wpSS) SQL Injection (0.62) CVE-2014-8363 CWE-89 High

WordPress Plugin Spreadsheet Cross-Site Scripting (2.0) CVE-2013-6281 CWE-79 High

WordPress Plugin Sprout Invoices-Client Invoicing & Estimates Cross-Site Scripting (6.1) CWE-79 High

WordPress Plugin Sprout Invoices-Client Invoicing & Estimates Security Bypass (9.3) CWE-264 High

WordPress Plugin StageShow Multiple Vulnerabilities (5.0.8) CVE-2015-5461 CWE-79 CWE-352 CWE-601 High

WordPress Plugin StatPress Cross-Site Scripting (1.2.9.1) CWE-79 High

WordPress Plugin StatPress Multiple Unspecified Vulnerabilities (1.4.1) High

WordPress Plugin StatPressCN 'wp-admin/admin.php' Multiple Cross-Site Scripting Vulnerabilities (1.9.0) CVE-2011-0641 CWE-79 High

WordPress Plugin Stealth Login Page Unspecified Vulnerability (1.1.3) High

WordPress Plugin Stop User Enumeration User Enumeration (1.2.4) CWE-203 High

WordPress Plugin Store Locator Plus Open Email Relay (4.2.25) CWE-264 High

WordPress Plugin Store Locator Plus-Google Maps Multiple Vulnerabilities (3.0.1) CWE-89 CWE-200 High

WordPress Plugin Store Locator Plus-Google Maps SQL Injection (3.8.6) CWE-89 High

WordPress Plugin Stream Video Player Cross-Site Request Forgery (1.4.0) CVE-2013-2706 CWE-352 High

WordPress Plugin Style It Cross-Site Scripting (1.0) CVE-2014-4555 CWE-79 High

WordPress Plugin Subscribe Form Remote Command Execution (1.1) CWE-94 High

WordPress Plugin Subscribe To Comments Reloaded Cross-Site Scripting (150611) CWE-79 High

WordPress Plugin Subscribe To Comments Reloaded Multiple Vulnerabilities (140204) CVE-2014-2274 CWE-79 CWE-352 High

WordPress Plugin Subscribe to Comments Local File Inclusion (2.1.2) CWE-22 High

WordPress Plugin Subscribe to Comments Multiple Cross-Site Scripting Vulnerabilities (2.0.4) CWE-79 High

WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2) CWE-200 High

WordPress Plugin Subscribe2 Cross-Site Scripting (10.15) CWE-79 High

WordPress Plugin Subscribe2 Multiple Cross-Site Scripting Vulnerabilities (8.1) CWE-79 High

WordPress Plugin Subscribe2 Unspecified Vulnerability (10.20.5) High

WordPress Plugin Sucuri Security-Auditing, Malware Scanner and Security Hardening Cross-Site Scripting (1.7.15) CWE-79 High

WordPress Plugin Super CAPTCHA 'admin.php' SQL Injection (2.2.4) CWE-89 High

WordPress Plugin Super Refer A Friend Information Disclosure (1.0) CWE-200 High

WordPress Plugin Support Ticket System Multiple SQL Injection Vulnerabilities (1.2) CVE-2015-7670 CWE-89 High

WordPress Plugin SupportEzzy Ticket System Cross-Site Scripting (1.2.5) CVE-2014-9179 CWE-79 High

WordPress Plugin Swim Team Arbitrary File Download (1.44.1077) CVE-2015-5471 CWE-22 High

WordPress Plugin Swipe Checkout for Jigoshop Cross-Site Scripting (3.1.0) CVE-2014-4557 CWE-79 High

WordPress Plugin Swipe Checkout for WP e-Commerce Multiple Cross-Site Scripting Vulnerabilities (3.1.0) CVE-2014-4559 CWE-79 High

WordPress Plugin Swipe Checkout for WooCommerce Cross-Site Scripting (2.7.1) CVE-2014-4558 CWE-79 High

WordPress Plugin Swipe Checkout for eShop Cross-Site Scripting (3.7.0) CVE-2014-4556 CWE-79 High

WordPress Plugin Syndication Links Cross-Site Scripting (1.0.2) CWE-79 High

WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.5) CWE-79 High

WordPress Plugin TDO Mini Forms Arbitrary File Upload (0.13.9) CWE-434 High

WordPress Plugin TagNinja 'id' Parameter Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin TallyKit Cross-Site Scripting (5.4) CWE-79 High

WordPress Plugin Tera Charts Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1) CVE-2014-4940 CWE-22 High

WordPress Plugin Terillion Reviews Profile Id Cross-Site Scripting (1.1) CVE-2013-2501 CWE-79 High

WordPress Plugin Testimonial Multiple Vulnerabilities (2.2) CVE-2013-5672 CVE-2013-5673 CWE-79 CWE-89 CWE-352 High

WordPress Plugin Testimonial Slider Cross-Site Scripting (1.2.1) CWE-79 High

WordPress Plugin Thank You Counter Button Cross-Site Scripting (1.8.2) CWE-79 High

WordPress Plugin Thank You Counter Button Multiple Cross-Site Scripting Vulnerabilities (1.8.7) CVE-2014-2315 CWE-79 High

WordPress Plugin The Crawl Rate Tracker 'sbtracking-chart-data.php' SQL Injection (2.0.2) CWE-89 High

WordPress Plugin The Events Calendar Cross-Site Scripting (3.0) CWE-79 High

WordPress Plugin The Events Calendar Open Redirect (4.1.1) CWE-601 High

WordPress Plugin The Events Calendar Security Bypass (3.11.2) CWE-264 High

WordPress Plugin The Events Calendar Unspecified Vulnerability (4.0.4) High

WordPress Plugin The Events Calendar:Eventbrite Tickets Cross-Site Scripting (3.9.6) CVE-2015-5485 CWE-79 High

WordPress Plugin The Guardian News Feed Cross-Site Request Forgery (0.4) CWE-352 High

WordPress Plugin The Holiday Calendar Cross-Site Scripting (1.11.2) CWE-79 High

WordPress Plugin The Piecemaker 'php.php' Arbitrary File Upload (1.1) CWE-434 High

WordPress Plugin The Welcomizer 'twiz-index.php' Cross-Site Scripting (1.3.9.4) CWE-79 High

WordPress Plugin TheCartPress 'tcp_class_path' Parameter Remote File Include (1.1.1) CWE-94 High

WordPress Plugin TheCartPress eCommerce Shopping Cart 'OptionsPostsList.php' Cross-Site Scripting (1.1.6) CVE-2011-5207 CWE-79 High

WordPress Plugin TheCartPress eCommerce Shopping Cart Multiple Vulnerabilities (1.3.9) CVE-2015-3300 CVE-2015-3301 CVE-2015-3302 CVE-2015-3986 CWE-79 CWE-98 CWE-284 CWE-352 High

WordPress Plugin TheCartPress eCommerce Shopping Cart Order Information Security Bypass (1.1.9.2) CWE-264 High

WordPress Plugin TheThe Layout Grid Cross-Site Scripting (1.0.0) CVE-2013-1808 CWE-79 High

WordPress Plugin Theme Blvd Layout Builder Multiple Security Bypass Vulnerabilities (2.0.1) CWE-264 High

WordPress Plugin Theme Blvd Shortcodes Multiple Security Bypass Vulnerabilities (1.5.2) CWE-264 High

WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3) CWE-264 High

WordPress Plugin Theme Blvd Widget Areas Multiple Security Bypass Vulnerabilities (1.2.2) CWE-264 High

WordPress Plugin Theme My Login 'instance' Parameter Cross-Site Scripting (6.1.4) CWE-79 High

WordPress Plugin Theme My Login Local File Inclusion (6.3.9) CVE-2014-5155 CWE-22 High

WordPress Plugin Theme Test Drive Multiple Vulnerabilities (2.9) CWE-79 CWE-434 High

WordPress Plugin Theme Tuner 'tt-abspath' Parameter Remote File Include (0.7) CVE-2012-0934 CWE-94 High

WordPress Plugin ThinkIT WP Contact Form Multiple Vulnerabilities (0.2) CWE-79 CWE-352 High

WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3) CWE-22 High

WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15) CVE-2012-2572 CWE-79 High

WordPress Plugin Ticket Manager Cross-Site Scripting (1) CWE-79 High

WordPress Plugin Tidio Gallery Multiple Vulnerabilities (1.1) CWE-79 CWE-434 High

WordPress Plugin Tierra's Billboard Manager SQL Injection (1.14) CWE-89 High

WordPress Plugin Timed Popup Cross-Site Request Forgery (1.3) CVE-2014-9525 CWE-352 High

WordPress Plugin Tiny URL Cross-Site Scripting (1.3.2) CVE-2013-1808 CWE-79 High

WordPress Plugin TinyMCE Advanced Cross-Site Request Forgery (4.1) CWE-352 High

WordPress Plugin TinyMCE Color Picker Multiple Vulnerabilities (1.1) CVE-2014-3844 CVE-2014-3845 CWE-264 CWE-352 High

WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7) CWE-22 High

WordPress Plugin Titan Framework Cross-Site Scripting (1.5.2) CVE-2014-6444 CWE-79 High

WordPress Plugin Titan Framework Cross-Site Scripting (1.7.5) CWE-79 High

WordPress Plugin Token Manager 'tid' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.0.2) CWE-79 High

WordPress Plugin Tom M8te Directory Traversal (1.5.3) CVE-2014-5187 CWE-22 High

WordPress Plugin ToolPage Cross-Site Scripting (1.6.1) CVE-2014-4560 CWE-79 High

WordPress Plugin Top 10-Popular posts plugin for WordPress Cross-Site Request Forgery (1.9.2) CWE-352 High

WordPress Plugin Top Quark Architecture 'script.php' Arbitrary File Upload (2.1.0) CWE-434 High

WordPress Plugin Track That Stat 'data' Parameter Cross-Site Scripting (1.0.8) CWE-79 High

WordPress Plugin Traffic Analyzer Cross-Site Scripting (3.3.2) CVE-2013-3526 CWE-79 High

WordPress Plugin Traffic Analyzer SQL Injection (3.4.2) CWE-89 High

WordPress Plugin Transposh WordPress Translation Cross-Site Scripting (0.8.3) CWE-79 High

WordPress Plugin Trashbin 'mtb_undelete' Parameter Cross-Site Scripting (0.1) CWE-79 High

WordPress Plugin Tribulant Newsletters Unspecified Vulnerability (4.5.5.2) High

WordPress Plugin Tribulant Slideshow Gallery Arbitrary File Upload (1.4.6) CVE-2014-5460 CWE-20 High

WordPress Plugin Tribulant Slideshow Gallery Cross-Site Scripting (1.5.3.4) CWE-79 High

WordPress Plugin Tribulant Slideshow Gallery Multiple Unspecified Vulnerabilities (1.5.3.3) High

WordPress Plugin Tribulant Slideshow Gallery Multiple Vulnerabilities (1.5.1) CWE-79 CWE-200 High

WordPress Plugin Tribulant Slideshow Gallery Multiple Vulnerabilities (1.5.3) CWE-79 CWE-434 High

WordPress Plugin Tribulant Slideshow Gallery Unspecified Vulnerability (1.6.2) High

WordPress Plugin Tune Library 'letter' Parameter SQL Injection (1.5.1) CWE-89 High

WordPress Plugin Tune Library SQL Injection (1.5.4) CVE-2015-3314 CWE-89 High

WordPress Plugin Tweet Blender Cross-Site Scripting (4.0.1) CVE-2013-6342 CWE-79 High

WordPress Plugin Tweet Wheel Multiple Cross-Site Scripting Vulnerabilities (1.0.3.2) CWE-79 High

WordPress Plugin Tweet Wheel Spam (0.3) CWE-702 High

WordPress Plugin TweetScribe Cross-Site Request Forgery (1.1) CVE-2014-9399 CWE-352 High

WordPress Plugin Twitget Cross-Site Request Forgery (3.3.2) CVE-2014-2559 CVE-2014-2995 CWE-352 High

WordPress Plugin Twitter Button by BestWebSoft Cross-Site Request Forgery (2.14) CWE-352 High

WordPress Plugin Twitter Button by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (2.36) CWE-79 High

WordPress Plugin Twitter Feed:Embedded Timeline 'url' Parameter Cross-Site Scripting (0.3.1) CVE-2010-4825 CWE-79 High

WordPress Plugin Twitter LiveBlog Cross-Site Request Forgery (1.1.2) CVE-2014-9398 CWE-352 High

WordPress Plugin Types Cross-Site Scripting (1.8.7.2) CWE-79 High

WordPress Plugin Types-Custom Fields and Custom Post Types Management Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.2.1.1) CVE-2013-2768 CWE-79 CWE-352 High

WordPress Plugin Types-Custom Fields and Custom Post Types Management PHP Object Injection (1.5.7) CWE-915 High

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1) CWE-22 High

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1) CWE-22 High

WordPress Plugin UK Cookie Cross-Site Request Forgery (1.1) CVE-2013-2180 CWE-352 High

WordPress Plugin UPM Polls 'PID' Parameter SQL Injection (1.0.4) CWE-89 High

WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3) CWE-89 High

WordPress Plugin URL Cloak & Encrypt Cross-Site Scripting (2.0) CVE-2014-4563 CWE-79 High

WordPress Plugin Ultimate Member Arbitrary File Deletion (1.0.78) CWE-73 High

WordPress Plugin Ultimate Member Arbitrary File Upload (1.0.83) CWE-434 High

WordPress Plugin Ultimate Member Cross-Site Scripting (1.2.3) CWE-79 High

WordPress Plugin Ultimate Member Cross-Site Scripting (1.2.995) CWE-79 High

WordPress Plugin Ultimate Member Cross-Site Scripting (1.3.28) CVE-2015-8354 CWE-79 High

WordPress Plugin Ultimate Member Information Disclosure (1.2.5) CWE-200 High

WordPress Plugin Ultimate Product Catalogue Arbitrary File Upload (3.1.1) CWE-434 High

WordPress Plugin Ultimate Product Catalogue Multiple SQL Injection Vulnerabilities (2.1) CWE-89 High

WordPress Plugin Ultimate Product Catalogue Multiple Vulnerabilities (3.1.2) CWE-79 CWE-352 CWE-434 High

WordPress Plugin Ultimate Product Catalogue SQL Injection (3.1.2) CWE-89 High

WordPress Plugin Ultimate Product Catalogue Unspecified Vulnerability (3.1.3) High

WordPress Plugin Ultimate Profile Builder By CMSHelpLive Multiple Vulnerabilities (2.3.3) CWE-79 CWE-352 High

WordPress Plugin Ultimate Tag Cloud Widget Unspecified Vulnerability (2.3) High

WordPress Plugin Ultimate TinyMCE 'swfupload.swf' Cross-Site Scripting (3.5) CVE-2012-3414 CWE-79 High

WordPress Plugin Ultimate TinyMCE Multiple Unspecified Vulnerabilities (5.0) High

WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5) CWE-95 High

WordPress Plugin UnGallery 'source_vuln.php' Local File Disclosure (1.5.8) CWE-22 High

WordPress Plugin Unconfirmed Cross-Site Scripting (1.2.3) CVE-2014-100018 CWE-79 High

WordPress Plugin Unite Gallery Lite Multiple Vulnerabilities (1.4.6) CWE-89 CWE-352 High

WordPress Plugin Universal Analytics Cross-Site Scripting (1.3.0) CWE-79 High

WordPress Plugin Universal Post Manager Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.9) CWE-79 CWE-89 High

WordPress Plugin Unlimited Pop-Ups Multiple Cross-Site Scripting Vulnerabilities (1.4.3) CWE-79 High

WordPress Plugin UpdraftPlus Backup and Restoration Cross-Site Scripting (1.9.63) CWE-79 High

WordPress Plugin UpdraftPlus Backup and Restoration Security Bypass (1.9.50) CWE-264 High

WordPress Plugin Uploader 'num' Parameter Cross-Site Scripting (1.0.0) CWE-79 High

WordPress Plugin Uploader 'uploadify.php' Arbitrary File Upload (1.0.4) CWE-434 High

WordPress Plugin Uploader Cross-Site Scripting and Arbitrary File Upload Vulnerabilities (1.0.4) CVE-2013-2287 CVE-2013-2288 CWE-79 CWE-434 High

WordPress Plugin Uploadify Integration Multiple Cross-Site Scripting Vulnerabilities (0.9.6) CWE-79 High

WordPress Plugin Uploadify Remote File Upload (1.0) CWE-20 High

WordPress Plugin Use Any Font Unspecified Vulnerability (4.3.6) High

WordPress Plugin User Avatar TimThumb Arbitrary File Upload (1.3.7) CVE-2011-4106 CWE-20 High

WordPress Plugin User Avatar Unspecified Vulnerability (1.4.6) High

WordPress Plugin User Domain Whitelist Multiple Vulnerabilities (1.4) CWE-79 CWE-352 High

WordPress Plugin User Meta 'uploader.php' Arbitrary File Upload (1.1.1) CWE-434 High

WordPress Plugin User Meta Manager Information Disclosure (3.4.7) CWE-200 High

WordPress Plugin User Meta Manager Multiple Vulnerabilities (3.4.6) CWE-89 CWE-264 High

WordPress Plugin User Photo 'user-photo.php' Arbitrary File Upload (0.9.4) CVE-2013-1916 CWE-20 High

WordPress Plugin User Photo Cross-Site Scripting (0.9.5.1) CVE-2012-2920 CWE-79 High

WordPress Plugin User Role Editor Cross-Site Request Forgery (3.12) CWE-352 High

WordPress Plugin User Role by BestWebSoft Cross-Site Scripting (1.4.1) CWE-79 High

WordPress Plugin User Self Delete SQL Injection (1.1) CWE-89 High

WordPress Plugin User Submitted Posts Cross-Site Scripting (20151113) CWE-79 High

WordPress Plugin UserPro Cross-Site Scripting (2.33) CWE-79 High

WordPress Plugin Username Changer Multiple Vulnerabilities (1.4) CWE-89 CWE-264 High

WordPress Plugin Usernoise modal feedback/contact form Cross-Site Scripting (3.7.8) CWE-79 High

WordPress Plugin Users Ultra Membership Arbitrary File Upload (1.5.58) CWE-434 High

WordPress Plugin Users Ultra Membership Multiple Vulnerabilities (1.5.62) CWE-79 CWE-89 High

WordPress Plugin Users Ultra SQL Injection (1.3.58) CWE-89 High

WordPress Plugin Users Ultra SQL Injection (1.4.35) CWE-89 High

WordPress Plugin Users Ultra SQL Injection (1.5.15) CVE-2015-4109 CWE-89 High

WordPress Plugin Users to CSV Cross-Site Request Forgery (1.4.5) CWE-352 High

WordPress Plugin VIDEO GALLERY 'upload1.php' Arbitrary File Upload (1.3) CWE-434 High

WordPress Plugin VK Gallery TimThumb Arbitrary File Upload (1.1.0) CVE-2011-4106 CWE-20 High

WordPress Plugin VKontakte API Cross-Site Scripting (2.7) CVE-2009-4168 CWE-79 High

WordPress Plugin VN-Calendar Multiple Cross-Site Scripting Vulnerabilities (1.0) CVE-2014-4571 CWE-79 High

WordPress Plugin Validated Cross-Site Scripting (1.0.2) CVE-2014-4564 CWE-79 High

WordPress Plugin VaultPress Cross-Site Scripting (1.7.7) CWE-79 High

WordPress Plugin VaultPress Unspecified Vulnerability (1.7.1) High

WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1) High

WordPress Plugin Verification Code for Comments Multiple Cross-Site Scripting Vulnerabilities (2.1.0) CVE-2014-4565 CWE-79 High

WordPress Plugin Vertical SlideShow 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin Verve Meta Boxes TimThumb Arbitrary File Upload (1.2.8) CVE-2011-4106 CWE-20 High

WordPress Plugin Video Chat Multiple Cross-Site Scripting Vulnerabilities (1.4.1) CWE-79 High

WordPress Plugin Video Comments Webcam Recorder Cross-Site Scripting (1.55) CVE-2014-4567 CWE-79 High

WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1) CVE-2012-1785 CWE-20 High

WordPress Plugin Video Embed & Thumbnail Generator Cross-Site Scripting (4.0.3) CWE-79 High

WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1) CVE-2012-1786 CWE-200 High

WordPress Plugin Video Gallery /w YouTube, Vimeo Arbitrary File Upload (8.48) CWE-434 High

WordPress Plugin Video Gallery /w YouTube, Vimeo Multiple Vulnerabilities (8.80) CWE-79 CWE-352 High

WordPress Plugin Video Gallery Cross-Site Scripting (1.2.4) CWE-79 High

WordPress Plugin Video Lead Form 'errMsg' Parameter Cross-Site Scripting (0.5) CVE-2012-6312 CWE-79 High

WordPress Plugin Video Metabox Cross-Site Scripting (1.1) CWE-79 High

WordPress Plugin Video Posts Webcam Recorder Cross-Site Scripting (1.55.4) CVE-2014-4568 CWE-79 High

WordPress Plugin VideoJS-HTML5 Video Player Cross-Site Scripting (3.2.3) CWE-79 High

WordPress Plugin VideoWhisper Live Streaming Integration Cross-Site Scripting (4.27.2) CVE-2014-4569 CWE-79 High

WordPress Plugin VideoWhisper Live Streaming Integration Multiple Cross-Site Scripting Vulnerabilities (4.25.3) CVE-2013-5714 CWE-79 High

WordPress Plugin VideoWhisper Live Streaming Integration Multiple Cross-Site Scripting Vulnerabilities (4.29.6) CWE-79 High

WordPress Plugin VideoWhisper Live Streaming Integration Multiple Vulnerabilities (4.27.4) CVE-2014-1905 CVE-2014-1906 CVE-2014-1907 CVE-2014-1908 CWE-22 CWE-79 CWE-211 CWE-434 High

WordPress Plugin VideoWhisper Video Conference Integration 'vw_upload.php' Arbitrary File Upload (4.51) CWE-434 High

WordPress Plugin VideoWhisper Video Conference Integration Arbitrary File Upload (4.91.8) CWE-434 High

WordPress Plugin VideoWhisper Video Presentation 'c_status.php' SQL Injection (1.1) CWE-89 High

WordPress Plugin VideoWhisper Video Presentation 'vw_upload.php' Arbitrary File Upload (3.17) CWE-434 High

WordPress Plugin VideoWhisper Video Presentation Arbitrary File Upload (3.31.17) CWE-434 High

WordPress Plugin VideoWhisper Video Presentation Multiple Cross-Site Scripting Vulnerabilities (3.25) CVE-2014-4570 CWE-79 High

WordPress Plugin Videox7 UGC 'listid' Parameter Cross-Site Scripting (2.5.3.2) CWE-79 High

WordPress Plugin Viper's Video Quicktags Unspecified Vulnerability (6.4.4) High

WordPress Plugin Virtue/Pinnacle ToolKit Unspecified Vulnerability (2.5) High

WordPress Plugin Visitor Maps and Who's Online Cross-Site Scripting (1.5.8.6) CWE-79 High

WordPress Plugin Visual :Page Builder for WordPress Multiple Cross-Site Scripting Vulnerabilities (4.7.3) CWE-79 High

WordPress Plugin Visual Form Builder Cross-Site Scripting (2.8.4) CWE-79 High

WordPress Plugin Visual Form Builder Multiple Cross-Site Scripting Vulnerabilities (2.8.6) CWE-79 High

WordPress Plugin Visual Form Builder Multiple Vulnerabilities (2.8.2) CWE-79 CWE-89 High

WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0) CVE-2012-6651 CWE-22 High

WordPress Plugin Vodpod Video Gallery 'gid' Parameter Cross-Site Scripting (3.1.5) CVE-2010-4875 CWE-79 High

WordPress Plugin Votecount for Balatarin Cross-Site Scripting (0.1.1) CVE-2014-4572 CWE-79 High

WordPress Plugin W3 Total Cache Backdoor (0.9.2.2) CWE-95 High

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4) CWE-200 High

WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4) CVE-2014-8724 CVE-2014-9414 CWE-79 CWE-352 High

WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8) CVE-2013-2010 CWE-95 High

WordPress Plugin WC Marketplace Unspecified Vulnerability (2.1.2) High

WordPress Plugin WHIZZ Cross-Site Scripting (1.0.7) CWE-79 High

WordPress Plugin WHOIS 'domain' Parameter Cross-Site Scripting (1.4.2.2) CVE-2011-5194 CWE-79 High

WordPress Plugin WORDPRESS VIDEO GALLERY Multiple Cross-Site Request Forgery Vulnerabilities (2.8) CWE-352 High

WordPress Plugin WORDPRESS VIDEO GALLERY Multiple Vulnerabilities (2.3.1) CVE-2014-9097 CVE-2014-9098 CWE-79 CWE-89 High

WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8) CWE-264 High

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.0) CVE-2013-3478 CWE-89 High

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.7) CVE-2015-2065 CWE-89 High

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.8) CWE-89 High

WordPress Plugin WP Accurate Form Data Multiple Vulnerabilities (1.2) CWE-79 CWE-352 High

WordPress Plugin WP Admin UI Customize Cross-Site Scripting (1.5.2.6) CWE-79 High

WordPress Plugin WP Advanced Comment Cross-Site Scripting (0.10) CWE-79 High

WordPress Plugin WP Advanced Importer Cross-Site Scripting (2.1.1) CWE-79 High

WordPress Plugin WP Ajax Recent Posts 'number' Parameter Cross-Site Scripting (1.0.1) CWE-79 High

WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6) CVE-2014-4577 CWE-22 High

WordPress Plugin WP App Maker Cross-Site Scripting (1.0.16.4) CVE-2014-4578 CWE-79 High

WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3) CWE-538 High

WordPress Plugin WP Auctions 'wpa_id' Parameter SQL Injection (1.8.8) CWE-89 High

WordPress Plugin WP Backitup Cross-Site Request Forgery (1.6.7) CWE-352 High

WordPress Plugin WP Backitup Multiple Vulnerabilities (1.9) CVE-2014-8805 CVE-2014-9012 CWE-264 CWE-538 High

WordPress Plugin WP Bannerize 'ajax_clickcounter.php' SQL Injection (2.8.6) CWE-89 High

WordPress Plugin WP Bannerize 'ajax_sorter.php' SQL Injection (2.8.7) CWE-89 High

WordPress Plugin WP Banners Lite Cross-Site Scripting (1.40) CWE-79 High

WordPress Plugin WP Business Directory Cross-Site Scripting (1.0.5) CWE-79 High

WordPress Plugin WP Business Intelligence Lite Arbitrary File Upload (1.0.6) CWE-434 High

WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1) CWE-89 High

WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5) CWE-22 High

WordPress Plugin WP CleanFix Cross-Site Request Forgery (2.4.4) CVE-2013-2108 CVE-2013-2109 CWE-352 High

WordPress Plugin WP Clone by WP Academy Cross-Site Scripting (2.1.1) CVE-2013-1808 CWE-79 High

WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3) CWE-79 CWE-89 High

WordPress Plugin WP Construction Mode Cross-Site Request Forgery (1.8) CVE-2014-4854 CWE-352 High

WordPress Plugin WP Construction Mode Cross-Site Request Forgery (1.91) CWE-352 High

WordPress Plugin WP Consultant Cross-Site Scripting (1.0) CVE-2014-4582 CWE-79 High

WordPress Plugin WP Contact Bank-Contact Forms Builder 'Label' Field Cross-Site Scripting (2.0.19) CVE-2014-3841 CWE-79 High

WordPress Plugin WP Contact Bank-Contact Forms Builder Cross-Site Scripting (2.0.226) CWE-79 High

WordPress Plugin WP Contact Bank-Contact Forms Builder Cross-Site Scripting (2.0.69) CVE-2014-8807 CWE-79 High

WordPress Plugin WP Crontrol Cross-Site Scripting (1.2.3) CWE-79 High

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1) CVE-2011-1669 CWE-22 High

WordPress Plugin WP Customer Reviews Unspecified Vulnerability (3.0.7) High

WordPress Plugin WP DS FAQ 'ajax.php' SQL Injection (1.3.2) CWE-89 High

WordPress Plugin WP Database Backup Cross-Site Scripting (3.3) CWE-79 High

WordPress Plugin WP Easy Gallery 'add-gallery.php' Arbitrary File Upload (1.8) CWE-434 High

WordPress Plugin WP Easy Gallery 'select_gallery' Parameter Cross-Site Scripting (1.7) CWE-79 High

WordPress Plugin WP Easy Gallery Cross-Site Scripting (4.1) CWE-79 High

WordPress Plugin WP Easy Gallery Cross-Site Scripting (4.1.3) CWE-79 High

WordPress Plugin WP Easy Gallery Cross-Site Scripting (4.1.4) CWE-79 High

WordPress Plugin WP Easy Gallery Multiple Unspecified Vulnerabilities (2.7) High

WordPress Plugin WP Easy Poll Multiple Vulnerabilities (1.1.3) CWE-79 CWE-352 High

WordPress Plugin WP Easy Post Types Cross-Site Scripting (1.4.3) CVE-2014-4524 CWE-79 High

WordPress Plugin WP Easy Slideshow Multiple Cross-Site Request Forgery Vulnerabilities (1.0.3) CWE-352 High

WordPress Plugin WP Easy Stats 'homep' Parameter Remote File Include (1.8) CWE-94 High

WordPress Plugin WP Edit Unspecified Vulnerability (3.0) High

WordPress Plugin WP Events Calendar 'event_id' Parameter SQL Injection (6.5.2) CWE-89 High

WordPress Plugin WP External Links (nofollow new window seo) Multiple Cross-Site Scripting Vulnerabilities (1.80) CWE-79 High

WordPress Plugin WP Fast Cache Multiple Vulnerabilities (1.4) CWE-79 CWE-352 High

WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.8.3.4) CVE-2015-4089 CWE-352 High

WordPress Plugin WP Fastest Cache SQL Injection (0.8.4.8) CWE-89 High

WordPress Plugin WP Favorite Posts Cross-Site Scripting (1.6.5) CVE-2016-1160 CWE-79 High

WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0) CWE-79 High

WordPress Plugin WP Flash Player Multiple Cross-Site Scripting Vulnerabilities (1.3) CWE-79 High

WordPress Plugin WP Forum Multiple Security Vulnerabilities (1.7.8) CWE-79 CWE-89 CWE-201 CWE-425 CWE-472 High

WordPress Plugin WP Forum Server 'edit_post_id' Parameter SQL Injection (1.7) CVE-2012-6625 CWE-89 High

WordPress Plugin WP Forum Server Cross-Site Scripting and SQL Injection Vulnerabilities (1.7.3) CVE-2012-6622 CVE-2012-6623 CVE-2012-6625 CWE-79 CWE-89 High

WordPress Plugin WP Forum Server Multiple SQL Injection (1.6.5) CVE-2011-1047 CWE-89 High

WordPress Plugin WP Front-End Repository Manager Arbitrary File Upload (1.1) CWE-434 High

WordPress Plugin WP FuneralPress Multiple Cross-Site Scripting Vulnerabilities (1.1.6) CVE-2013-3529 CWE-79 High

WordPress Plugin WP GPX Maps 'wp-gpx-maps_admin_tracks.php' Arbitrary File Upload (1.1.22) CVE-2012-6649 CWE-434 High

WordPress Plugin WP Glossary 'ajax.php' SQL Injection (0.1) CWE-89 High

WordPress Plugin WP Google Fonts Cross-Site Scripting (3.1.3) CWE-79 High

WordPress Plugin WP Google Map Multiple Cross-Site Scripting Vulnerabilities (2.3.9) CWE-79 High

WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (6.0.26) CVE-2014-7182 CWE-79 High

WordPress Plugin WP Google Maps Unspecified Vulnerability (6.2.1) High

WordPress Plugin WP GuestMap Multiple Cross-Site Scripting Vulnerabilities (1.8) CVE-2014-4587 CWE-79 High

WordPress Plugin WP HTML Sitemap Cross-Site Request Forgery (1.2) CVE-2014-2675 CWE-352 High

WordPress Plugin WP Idea Stream Cross-Site Scripting (2.1.1) CWE-79 High

WordPress Plugin WP Instagram-Best Instagram Feeds Cross-Site Scripting (1.0.19) CWE-79 High

WordPress Plugin WP Job Manager Cross-Site Scripting (1.23.7) CWE-79 High

WordPress Plugin WP Js External Link Info Cross-Site Scripting (1.21) CWE-79 High

WordPress Plugin WP Js External Link Info Open Redirect (1.21) CWE-601 High

WordPress Plugin WP Keyword Link Multiple Cross-Site Scripting Vulnerabilities (1.7) CWE-79 High

WordPress Plugin WP Lead Management Cross-Site Scripting (3.0.0) CWE-79 High

WordPress Plugin WP Legal Pages Cross-Site Scripting (1.0.1) CWE-79 High

WordPress Plugin WP Limit Login Attempts SQL Injection (2.0.0) CVE-2015-6829 CWE-89 High

WordPress Plugin WP Limit Posts Automatically Cross-Site Request Forgery (0.7) CVE-2014-9401 CWE-352 High

WordPress Plugin WP Link To Us Multiple Cross-Site Scripting Vulnerabilities (2.0) CVE-2013-1808 CWE-79 High

WordPress Plugin WP Live Chat Support Cross-Site Scripting (4.0.2) CWE-79 High

WordPress Plugin WP Live Chat Support Multiple Vulnerabilities (4.3.5) CWE-79 CWE-89 High

WordPress Plugin WP Live.php 's' Parameter Cross-Site Scripting (1.2.1) CVE-2012-5346 CWE-79 High

WordPress Plugin WP Mail SMTP Unspecified Vulnerability (0.9.4) High

WordPress Plugin WP Mailto Links-Manage Email Links Cross-Site Scripting (2.0.1) CWE-79 High

WordPress Plugin WP Maintenance Mode Cross-Site Request Forgery (1.8.7) CVE-2013-3250 CWE-352 High

WordPress Plugin WP Marketplace TimThumb Arbitrary File Upload (1.1.0) CVE-2011-4106 CWE-20 High

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution 'uploadify.php' Arbitrary File Upload (1.6.1) CWE-434 High

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0) CVE-2014-9013 CVE-2014-9014 CWE-22 High

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (1.2.1) CWE-434 High

WordPress Plugin WP Mass Mail Open Email Relay (2.45) CWE-264 High

WordPress Plugin WP Media Cleaner Multiple Cross-Site Scripting Vulnerabilities (2.2.6) CVE-2015-2195 CWE-79 High

WordPress Plugin WP Membership Multiple Vulnerabilities (1.2.3) CVE-2015-4038 CVE-2015-4039 CWE-79 CWE-264 High

WordPress Plugin WP Mobile Detector Cross-Site Scripting (3.2) CWE-79 High

WordPress Plugin WP Mobile Detector Unspecified Vulnerability (2.1) High

WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7) CWE-22 High

WordPress Plugin WP Mobile Edition Multiple Vulnerabilities (2.4) CWE-22 CWE-79 High

WordPress Plugin WP OAuth Server Security Bypass (3.1.4) CWE-326 High

WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) CWE-22 CWE-538 High

WordPress Plugin WP PHP widget Information Disclosure (1.0.2) CVE-2013-0721 CWE-200 High

WordPress Plugin WP Page Widget Cross-Site Scripting (2.7) CWE-79 High

WordPress Plugin WP People 'wp-people-popup.php' SQL Injection (2.0) CWE-89 High

WordPress Plugin WP Photo Album 'id' Parameter Cross-Site Scripting (1.5.1) CWE-79 High

WordPress Plugin WP Photo Album 'photo' Parameter SQL Injection (1.0) CVE-2008-0939 CWE-89 High

WordPress Plugin WP Photo Album Plus 'wppa-album' Parameter SQL Injection (4.1.1) CWE-89 High

WordPress Plugin WP Photo Album Plus Cross-Site Request Forgery (4.8.11) CWE-352 High

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (4.9.2) CWE-79 High

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.0.10) CWE-79 High

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.0.2) CVE-2013-3254 CWE-79 High

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.17) CVE-2014-8814 CWE-79 High

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.7) CWE-79 High

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (6.1.2) CVE-2015-3647 CWE-79 High

WordPress Plugin WP Photo Album Plus Multiple Cross-Site Scripting Vulnerabilities (5.4.4) CWE-79 High

WordPress Plugin WP Planet Cross-Site Scripting (0.1) CVE-2014-4592 CWE-79 High

WordPress Plugin WP Plugin Manager (WPPM) Cross-Site Scripting (1.6.4.b) CVE-2014-4593 CWE-79 High

WordPress Plugin WP Portfolio Gallery Cross-Site Scripting (1.0.0) CWE-79 High

WordPress Plugin WP Post to PDF Cross-Site Scripting (2.3.1) CWE-79 High

WordPress Plugin WP Print Friendly Cross-Site Scripting (0.6) CWE-79 High

WordPress Plugin WP Print Friendly Security Bypass (0.5.2) CWE-264 High

WordPress Plugin WP Private Messages SQL Injection (1.0.1) CWE-89 High

WordPress Plugin WP Publication Archive 'file' Parameter Directory Traversal (2.3) CWE-22 High

WordPress Plugin WP REST API (WP API) Cross-Site Request Forgery (1.1) CWE-352 High

WordPress Plugin WP REST API (WP API) Cross-Site Scripting (1.2.2) CWE-79 High

WordPress Plugin WP REST API (WP API) Information Disclosure (1.2) CWE-200 High

WordPress Plugin WP REST API (WP API) Security Bypass (1.2.1) CWE-264 High

WordPress Plugin WP RSS Aggregator Multiple Unspecified Vulnerabilities (4.6.8) High

WordPress Plugin WP RSS Aggregator Security Bypass (4.6.3) CVE-2014-9314 CWE-264 High

WordPress Plugin WP RSS Multi Importer Multiple Cross-Site Request Forgery Vulnerabilities (3.11) CWE-352 High

WordPress Plugin WP RSS Multi Importer Multiple Vulnerabilities (3.15) CWE-79 CWE-89 High

WordPress Plugin WP Review Multiple Unspecified Vulnerabilities (2.0) High

WordPress Plugin WP Rollback Multiple Vulnerabilities (1.2.2) CWE-79 CWE-352 High

WordPress Plugin WP Rss Poster SQL Injection (1.0.0) CVE-2014-4938 CWE-89 High

WordPress Plugin WP SVG Icons Multiple Unspecified Vulnerabilities (3.1.8.1) High

WordPress Plugin WP Safe Search 'v1' Parameter Cross-Site Scripting (0.7) CVE-2010-4518 CWE-79 High

WordPress Plugin WP Shop Multiple SQL Injection Vulnerabilities (3.4.3.15) CWE-89 High

WordPress Plugin WP Shop Multiple Vulnerabilities (3.4.3.18) CWE-79 CWE-352 High

WordPress Plugin WP Silverlight Media Player Cross-Site Scripting (0.8) CVE-2014-4589 CWE-79 High

WordPress Plugin WP Simple Booking Calendar Cross-Site Request Forgery (1.3) CWE-352 High

WordPress Plugin WP Simple Login Registration Cross-Site Scripting (1.0.2) CWE-79 High

WordPress Plugin WP SimpleMail Multiple Cross-Site Scripting Vulnerabilities (1.0.6) CVE-2012-2579 CWE-79 High

WordPress Plugin WP SlimStat Cross-Site Scripting (2.8.4) CWE-79 High

WordPress Plugin WP Slimstat Cross-Site Scripting (0.9.2) CWE-79 High

WordPress Plugin WP Slimstat Cross-Site Scripting (3.5.5) CVE-2014-100027 CWE-79 High

WordPress Plugin WP Slimstat Cross-Site Scripting (3.9.1) CVE-2015-1204 CWE-79 High

WordPress Plugin WP Slimstat Cross-Site Scripting (4.1.5.2) CWE-79 High

WordPress Plugin WP Slimstat SQL Injection (3.9.5) CWE-89 High

WordPress Plugin WP Smart Image II Cross-Site Scripting (0.2) CWE-79 High

WordPress Plugin WP Smiley Multiple Vulnerabilities (1.4.1) CVE-2015-4139 CVE-2015-4140 CWE-79 CWE-352 High

WordPress Plugin WP Social Bookmarking Light Cross-Site Scripting (1.7.9) CWE-79 High

WordPress Plugin WP Social Invitations Cross-Site Scripting (1.4.4.2) CVE-2014-4597 CWE-79 High

WordPress Plugin WP Socializer 'val' Parameter Cross-Site Scripting (2.4.2) CWE-79 High

WordPress Plugin WP Source Control Directory Traversal (3.0.0) CVE-2014-5368 CWE-22 High

WordPress Plugin WP Statistics Cross-Site Scripting (8.3) CWE-79 High

WordPress Plugin WP Statistics Cross-Site Scripting (9.1.2) CWE-79 High

WordPress Plugin WP Statistics Cross-Site Scripting (9.5.1) CWE-79 High

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4) CWE-79 High

WordPress Plugin WP Statistics Multiple Unspecified Vulnerabilities (9.6.5) High

WordPress Plugin WP Statistics SQL Injection (9.4) CWE-89 High

WordPress Plugin WP Subscribe Cross-Site Scripting (1.0.2) CWE-79 High

WordPress Plugin WP Super Cache Cross-Site Scripting (1.3) CWE-79 High

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4) CWE-79 High

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4.2) CWE-79 High

WordPress Plugin WP Super Cache Multiple Vulnerabilities (1.4.4) CWE-22 CWE-23 CWE-79 CWE-915 High

WordPress Plugin WP Super Cache PHP Code Injection (1.2) CVE-2013-2009 CVE-2013-2011 CWE-95 High

WordPress Plugin WP Support Plus Responsive Ticket System Multiple Vulnerabilities (4.1) CWE-22 CWE-89 CWE-200 High

WordPress Plugin WP Survey And Quiz Tool 'action' Parameter Cross-Site Scripting (1.2.1) CVE-2010-4630 CWE-79 High

WordPress Plugin WP Survey And Quiz Tool 'rowcount' Parameter Cross-Site Scripting (2.9.2) CWE-79 High

WordPress Plugin WP Symposium 'get_profile_avatar.php' SQL Injection (0.64) CWE-89 High

WordPress Plugin WP Symposium A Social Network For WordPress Multiple Cross-Site Scripting Vulnerabilities (12.07.07) CWE-79 High

WordPress Plugin WP Symposium A Social Network For WordPress Multiple SQL Injection Vulnerabilities (12.06.16) CWE-89 High

WordPress Plugin WP Symposium Arbitrary File Upload (14.11) CVE-2014-10021 CWE-434 High

WordPress Plugin WP Symposium Arbitrary File Upload Vulnerabilities (11.11.26) CVE-2011-5051 CWE-434 High

WordPress Plugin WP Symposium Cross-Site Scripting (11.11.26) CVE-2011-3841 CWE-79 High

WordPress Plugin WP Symposium Cross-Site Scripting (13.02) CVE-2013-2695 CWE-79 High

WordPress Plugin WP Symposium Cross-Site Scripting (15.8.1) CWE-79 High

WordPress Plugin WP Symposium Multiple SQL Injection Vulnerabilities (12.09) CWE-89 High

WordPress Plugin WP Symposium Multiple Vulnerabilities (14.05.02) CWE-79 CWE-352 High

WordPress Plugin WP Symposium Multiple Vulnerabilities (14.10) CVE-2014-8809 CVE-2014-8810 CWE-79 CWE-89 High

WordPress Plugin WP Symposium Open Redirect (13.04) CVE-2013-2694 CWE-601 High

WordPress Plugin WP Symposium Open Redirect (13.12) CWE-601 High

WordPress Plugin WP Symposium Pro Social Network Cross-Site Scripting (16.01) CWE-79 High

WordPress Plugin WP Symposium Pro Social Network Multiple Vulnerabilities (15.12) CWE-79 CWE-352 High

WordPress Plugin WP Symposium SQL Injection (15.1) CVE-2015-3325 CWE-89 High

WordPress Plugin WP Symposium SQL Injection (15.5.1) CWE-89 High

WordPress Plugin WP Ultimate CSV Importer Cross-Site Scripting (3.8.7) CWE-79 High

WordPress Plugin WP Ultimate Email Marketer Multiple Vulnerabilities (1.1.0) CVE-2013-3263 CVE-2013-3264 CVE-2014-4600 CWE-79 CWE-264 High

WordPress Plugin WP Ultimate Exporter Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin WP Ultimate Exporter SQL Injection (1.1) CWE-89 High

WordPress Plugin WP Unique Article Header Image Cross-Site Request Forgery (1.0) CVE-2014-9400 CWE-352 High

WordPress Plugin WP User Avatar Cross-Site Scripting (1.9.18) CWE-79 High

WordPress Plugin WP User Frontend Arbitrary File Upload (2.3.10) CWE-434 High

WordPress Plugin WP Video Lightbox Cross-Site Scripting (1.7.4) CWE-79 High

WordPress Plugin WP Widget Cache Cross-Site Scripting (0.26) CWE-79 High

WordPress Plugin WP e-Commerce Predictive Search Cross-Site Scripting (1.1.1) CWE-79 High

WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5) CVE-2015-5468 CWE-22 High

WordPress Plugin WP e-Commerce Shop Styling Remote File Inclusion (1.7.2) CVE-2013-0724 CWE-94 High

WordPress Plugin WP e-Commerce-Store Exporter Privilege Escalation (1.6.6) CWE-264 High

WordPress Plugin WP e-Commerce-Store Toolkit Privilege Escalation (2.0) CWE-264 High

WordPress Plugin WP e-Commerce-Store Toolkit Privilege Escalation (2.0.1) CWE-264 High

WordPress Plugin WP eCommerce 'cart_messages[]' Parameter Cross-Site Scripting (3.8.6) CWE-79 High

WordPress Plugin WP eCommerce 'collected_data[]' SQL Injection (3.8.4) CWE-89 High

WordPress Plugin WP eCommerce 'cs1' Parameter SQL Injection (3.8.6) CWE-89 High

WordPress Plugin WP eCommerce 'wpsc-transaction_results_functions.php' SQL Injection (3.8.7.5) CVE-2012-5310 CWE-89 High

WordPress Plugin WP eCommerce Cross-Site Scripting (3.9.2) CWE-79 High

WordPress Plugin WP eCommerce HTML Injection (3.8.7.1) CVE-2011-5104 CWE-79 High

WordPress Plugin WP eCommerce Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (3.8.9) CWE-79 CWE-89 High

WordPress Plugin WP eCommerce Multiple Unspecified Vulnerabilities (3.9.3) High

WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.8.9.5) CVE-2012-2399 CVE-2012-3414 CWE-22 CWE-79 CWE-94 CWE-434 High

WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.9.1) CWE-79 CWE-352 High

WordPress Plugin WP eCommerce Security Bypass (3.8.14.3) CWE-264 High

WordPress Plugin WP jPlayer Cross-Site Scripting (0.1) CVE-2013-1942 CWE-79 High

WordPress Plugin WP to Twitter Authorization Bypass (2.9.3) CWE-264 High

WordPress Plugin WP to Twitter Cross-Site Scripting (3.0.5) CWE-79 High

WordPress Plugin WP-AutoYoutube 'index.php' Script SQL Injection (0.1) CWE-89 High

WordPress Plugin WP-Ban Security Bypass (1.63) CVE-2014-6230 CWE-284 High

WordPress Plugin WP-BlipBot Cross-Site Scripting (3.0.9) CVE-2014-4580 CWE-79 High

WordPress Plugin WP-Business Directory (wp-ttisbdir) Multiple Cross-Site Scripting Vulnerabilities (1.0.2) CVE-2014-4599 CWE-79 High

WordPress Plugin WP-Cal 'id' Parameter SQL Injection (0.3) CVE-2008-0490 CWE-89 High

WordPress Plugin WP-Contact Multiple Cross-Site Scripting Vulnerabilities (1.0) CVE-2014-4583 CWE-79 High

WordPress Plugin WP-CopyProtect [Protect your blog posts] Cross-Site Scripting (3.0.0) CWE-79 High

WordPress Plugin WP-Cron Dashboard Cross-Site Scripting (1.1.5) CVE-2013-6991 CWE-79 High

WordPress Plugin WP-Cumulus 'tagcloud.swf' Cross-Site Scripting (1.22) CVE-2009-4168 CWE-79 High

WordPress Plugin WP-DB-Backup 'edit.php' Directory Traversal (1.7) CVE-2006-4208 CWE-22 High

WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60) CWE-22 High

WordPress Plugin WP-DBManager Multiple Vulnerabilities (2.71) CVE-2014-8334 CVE-2014-8335 CVE-2014-8336 CWE-95 CWE-200 High

WordPress Plugin WP-Download 'dl_id' Parameter SQL Injection (1.2) CVE-2008-1646 CWE-89 High

WordPress Plugin WP-DownloadManager Cross-Site Request Forgery (1.60) CVE-2013-2697 CWE-352 High

WordPress Plugin WP-DownloadManager Cross-Site Scripting (1.67) CWE-79 High

WordPress Plugin WP-FB-AutoConnect Multiple Cross-Site Request Forgery Vulnerabilities (4.0.5) CWE-352 High

WordPress Plugin WP-FaceThumb 'pagination_wp_facethumb' Parameter Cross-Site Scripting (0.1) CVE-2012-2371 CWE-79 High

WordPress Plugin WP-FaceThumb Cross-Site Scripting (1.0) CVE-2014-4585 CWE-79 High

WordPress Plugin WP-FeedStats de HTML Injection (2.3) CVE-2007-4104 CWE-79 High

WordPress Plugin WP-Filebase Download Manager 'base' Parameter SQL Injection (0.2.9) CWE-89 High

WordPress Plugin WP-Filebase Download Manager Multiple Unspecified Vulnerabilities (0.2.9.24) High

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03) CWE-94 High

WordPress Plugin WP-Footnotes 'admin_panel.php' Multiple Remote Vulnerabilities (2.2) CVE-2008-0691 CWE-79 High

WordPress Plugin WP-Forum 'forum_feed.php' SQL Injection (1.7.8) CWE-89 High

WordPress Plugin WP-Forum 'sendmail.php' SQL Injection (1.7.8) CWE-89 High

WordPress Plugin WP-Forum Multiple SQL Injection Vulnerabilities (1.7.8) CWE-89 High

WordPress Plugin WP-Forum Multiple SQL Injection Vulnerabilities (2.3) CVE-2009-3703 CWE-89 High

WordPress Plugin WP-Forum SQL Injection (1.7.4) CVE-2008-0388 CWE-89 High

WordPress Plugin WP-Forum SQL Injection (2.4) CWE-89 High

WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0) CWE-200 CWE-264 High

WordPress Plugin WP-Lytebox 'pg' Parameter Local File Inclusion (1.3) CVE-2009-4672 CWE-22 High

WordPress Plugin WP-Members Multiple Cross-Site Scripting Vulnerabilities (2.8.9) CWE-79 High

WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1) CWE-22 High

WordPress Plugin WP-Optimize Multiple Vulnerabilities (1.8.9.9) CWE-79 CWE-352 High

WordPress Plugin WP-Paginate Cross-Site Scripting (1.2.1) CWE-79 High

WordPress Plugin WP-Piwik Cross-Site Scripting (1.0.4) CWE-79 High

WordPress Plugin WP-Polls Cross-Site Scripting (2.60) CWE-79 High

WordPress Plugin WP-Polls Cross-Site Scripting (2.69) CWE-79 High

WordPress Plugin WP-Polls SQL Injection (2.61) CWE-89 High

WordPress Plugin WP-Polls SQL Injection (2.71) CWE-89 High

WordPress Plugin WP-PostRatings '[ratings]' Shortcode SQL Injection (1.61) CVE-2011-4646 CWE-89 High

WordPress Plugin WP-PostRatings Cross-Site Scripting (1.50) CWE-79 High

WordPress Plugin WP-PostRatings SQL Injection (1.83.1) CWE-89 High

WordPress Plugin WP-PostViews Cross-Site Request Forgery (1.62) CVE-2013-3252 CWE-352 High

WordPress Plugin WP-Predict 'predictId' Parameter Blind SQL Injection (1.0) CWE-89 High

WordPress Plugin WP-Print Cross-Site Request Forgery (2.51) CVE-2013-2693 CWE-352 High

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Arbitrary File Upload (1.35.0) CWE-434 High

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2) CWE-200 High

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management SQL Injection (1.36.0) CWE-89 High

WordPress Plugin WP-RESTful Multiple Cross-Site Scripting Vulnerabilities (0.1) CVE-2014-4595 CWE-79 High

WordPress Plugin WP-RecentComments 'page' Parameter Cross-Site Scripting (2.0.6) CVE-2012-1068 CWE-79 High

WordPress Plugin WP-RecentComments SQL Injection (2.0.7) CVE-2012-1067 CWE-89 High

WordPress Plugin WP-SendSMS Cross-Site Request Forgery (1.0) CWE-352 High

WordPress Plugin WP-SpamFree Anti-Spam 'id' Parameter SQL Injection (3.2.1) CWE-89 High

WordPress Plugin WP-StarsRateBox 'j' Parameter SQL Injection (1.1) CWE-89 High

WordPress Plugin WP-Stats 'author' Parameter SQL Injection (2.0) CVE-2006-0238 CWE-89 High

WordPress Plugin WP-Stats Multiple Vulnerabilities (2.51) CWE-79 CWE-352 High

WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1) CWE-79 High

WordPress Plugin WP-Stats-Dashboard SQL Injection (2.9.4) CWE-89 High

WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9) CVE-2009-2852 CWE-20 High

WordPress Plugin WP-Table Reloaded Cross-Site Scripting (1.9.3) CVE-2013-1463 CWE-79 High

WordPress Plugin WP-TopBar Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (4.02) CWE-79 CWE-352 High

WordPress Plugin WP-UserOnline URL HTML Injection (2.62) CWE-79 High

WordPress Plugin WP-ViperGB Cross-Site Request Forgery (1.3.10) CVE-2014-9460 CWE-352 High

WordPress Plugin WP-reCAPTCHA Cross-Site Scripting (3.1.3) CWE-79 High

WordPress Plugin WP-reCAPTCHA HTML Injection and Cross-Site Request Forgery Vulnerabilities (2.9.8.2) CVE-2011-0759 CWE-79 CWE-352 High

WordPress Plugin WP125 Cross-Site Request Forgery (1.4.9) CVE-2013-2700 CWE-352 High

WordPress Plugin WP125 Multiple Cross-Site Scripting Vulnerabilities (1.4.4) CWE-79 High

WordPress Plugin WPBook Cross-Site Request Forgery (2.7) CWE-352 High

WordPress Plugin WPCB Cross-Site Scripting (2.4.8) CVE-2014-4581 CWE-79 High

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0) CWE-94 High

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6) CWE-79 High

WordPress Plugin WPML (WordPress Multilingual) Multiple Vulnerabilities (3.1.8.6) CVE-2015-2314 CVE-2015-2315 CVE-2015-2791 CVE-2015-2792 CWE-79 CWE-89 CWE-284 High

WordPress Plugin WPPizza Cross-Site Scripting (2.11.8.17) CWE-79 High

WordPress Plugin WPS Hide Login Cross-Site Request Forgery (1.0) CWE-352 High

WordPress Plugin WPhone Cross-Site Scripting (1.5.2) CWE-79 High

WordPress Plugin WPtouch 'wptouch_settings' Parameter Cross-Site Scripting (1.9.20) CVE-2010-4779 CWE-79 High

WordPress Plugin WPtouch Mobile 'wptouch_redirect' Parameter URI Redirection (1.9.32) CWE-601 High

WordPress Plugin WPtouch Mobile Arbitrary File Upload (3.4.6) CWE-20 High

WordPress Plugin WPtouch Mobile Backdoor (1.9.28) CWE-95 High

WordPress Plugin WPtouch Mobile Cross-Site Request Forgery (1.9.31) CWE-352 High

WordPress Plugin WPtouch Mobile Cross-Site Scripting (3.7.5.3) CWE-79 High

WordPress Plugin WPtouch Mobile Multiple Cross-Site Scripting Vulnerabilities (3.7.3) CWE-79 High

WordPress Plugin WPtouch Mobile Open Redirect (3.4.9) CWE-601 High

WordPress Plugin WPtouch Mobile Security Bypass (3.4.2) CWE-264 High

WordPress Plugin WR ContactForm SQL Injection (1.1.9) CWE-89 High

WordPress Plugin WTI Like Post SQL Injection (1.4.2) CWE-89 High

WordPress Plugin Walk Score Multiple Cross-Site Scripting Vulnerabilities (0.5.5) CVE-2014-4573 CWE-79 High

WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3) CVE-2008-0520 CWE-89 High

WordPress Plugin WassUp Real Time Analytics Cross-Site Scripting (1.8.3) CVE-2012-2633 CWE-79 High

WordPress Plugin WassUp Real Time Analytics Unspecified Vulnerability (1.7.2) High

WordPress Plugin Watu Cross-Site Scripting (2.4.9) CVE-2014-8804 CWE-79 High

WordPress Plugin WatuPRO Multiple Vulnerabilities (4.8.8.4) CWE-79 CWE-352 High

WordPress Plugin Web Forms for Vtiger wordpress Lead capture and Contacts Sync Unspecified Vulnerability (1.0.0) High

WordPress Plugin WebEngage Feedback, Survey and Notification Cross-Site Scripting (2.0.0) CVE-2014-4574 CWE-79 High

WordPress Plugin Webcam 2Way Videochat Cross-Site Scripting (4.41) CWE-79 High

WordPress Plugin Websimon Tables Cross-Site Scripting (1.3.4) CWE-79 High

WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0) CWE-89 High

WordPress Plugin Welcart e-Commerce Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.2.1) CVE-2012-5177 CVE-2012-5178 CWE-79 CWE-352 High

WordPress Plugin Welcart e-Commerce Multiple SQL Injection Vulnerabilities (1.5.2) CVE-2015-7791 CWE-89 High

WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.3.12) CVE-2014-10016 CVE-2014-10017 CWE-79 CWE-89 High

WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.4.17) CWE-79 CWE-89 High

WordPress Plugin White Label CMS Cross-Site Request Forgery (1.5) CVE-2012-5387 CVE-2012-5388 CWE-352 High

WordPress Plugin White Label CMS Cross-Site Scripting (1.5.2) CWE-79 High

WordPress Plugin WhyDoWork AdSense Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.2) CVE-2014-9099 CVE-2014-9100 CWE-79 CWE-352 High

WordPress Plugin Widget Control Powered By Everyblock Cross-Site Scripting (1.0.1) CWE-79 High

WordPress Plugin WikiPop Cross-Site Scripting (2.0) CVE-2014-4575 CWE-79 High

WordPress Plugin Windows Desktop and iPhone Photo Uploader Arbitrary File Upload (1.8) CWE-434 High

WordPress Plugin WonderPlugin Audio Player Multiple Vulnerabilities (2.0) CVE-2015-2199 CVE-2015-2218 CWE-79 CWE-89 High

WordPress Plugin WooCommerce Amazon Affiliates Multiple Vulnerabilities (8.0) CWE-434 CWE-538 High

WordPress Plugin WooCommerce Checkout Manager Multiple Unspecified Vulnerabilities (3.6.9) High

WordPress Plugin WooCommerce Currency Switcher Cross-Site Scripting (1.1.5.1) CWE-79 High

WordPress Plugin WooCommerce Multilingual-run WooCommerce with WPML Multiple Unspecified Vulnerabilities (3.5.4) High

WordPress Plugin WooCommerce Predictive Search Cross-Site Scripting (1.0.5) CWE-79 High

WordPress Plugin WooCommerce SagePay Direct Payment Gateway Multiple Cross-Site Scripting Vulnerabilities (0.1.6.6) CVE-2014-4549 CWE-79 High

WordPress Plugin WooCommerce-Store Exporter Multiple Cross-Site Scripting Vulnerabilities (1.7.5) CWE-79 High

WordPress Plugin WooCommerce-Store Exporter Privilege Escalation (1.8.3) CWE-264 High

WordPress Plugin WooCommerce-Store Toolkit Privilege Escalation (1.5.6) CWE-264 High

WordPress Plugin WooCommerce-Store Toolkit Privilege Escalation (1.5.7) CWE-264 High

WordPress Plugin WooCommerce-excelling eCommerce Cross-Site Request Forgery (2.2.2) CVE-2014-6313 CWE-352 High

WordPress Plugin WooCommerce-excelling eCommerce Cross-Site Scripting (2.0.12) CWE-79 High

WordPress Plugin WooCommerce-excelling eCommerce Cross-Site Scripting (2.0.17) CWE-79 High

WordPress Plugin WooCommerce-excelling eCommerce Cross-Site Scripting (2.2.10) CVE-2015-2069 CWE-79 High

WordPress Plugin WooCommerce-excelling eCommerce Cross-Site Scripting (2.4.8) CWE-79 High

WordPress Plugin WooCommerce-excelling eCommerce Multiple Vulnerabilities (2.3.5) CVE-2015-2329 CWE-79 CWE-89 High

WordPress Plugin WooCommerce-excelling eCommerce Object Injection (2.3.10) CWE-915 High

WordPress Plugin WooCommerce-excelling eCommerce Security Bypass (2.1.7) CWE-264 High

WordPress Plugin WooSidebars Cross-Site Scripting (1.4.1) CWE-79 High

WordPress Plugin Woocommerce Abandoned Cart Lite SQL Injection (1.8) CWE-89 High

WordPress Plugin Woopra Analytics Arbitrary File Upload (1.4.3.1) CVE-2009-4140 CWE-434 High

WordPress Plugin WordPoints Multiple Vulnerabilities (1.10.2) CWE-79 CWE-89 High

WordPress Plugin WordPoints Multiple Vulnerabilities (1.7.0) CWE-79 CWE-352 High

WordPress Plugin WordPress Access Areas Security Bypass (1.3.0) CWE-284 High

WordPress Plugin WordPress Alipay/Tenpay/PayPal Cross-Site Scripting (3.6.0) CVE-2014-4514 CWE-79 High

WordPress Plugin WordPress Backup to Dropbox Cross-Site Scripting (4.0) CVE-2014-9310 CWE-79 High

WordPress Plugin WordPress Calls to Action Cross-Site Scripting (2.2.7) CWE-79 High

WordPress Plugin WordPress Calls to Action Multiple Cross-Site Scripting Vulnerabilities (2.5.0) CVE-2015-8350 CWE-79 High

WordPress Plugin WordPress Calls to Action Multiple Vulnerabilities (2.3.7) CWE-79 CWE-352 High

WordPress Plugin WordPress Calls to Action Unspecified Vulnerability (2.3.1) High

WordPress Plugin WordPress Calls to Action Unspecified Vulnerability (2.3.5) High

WordPress Plugin WordPress Catalog 's_p_c_t' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.1) CWE-79 High

WordPress Plugin WordPress Catalog Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.4.6) CWE-79 CWE-89 High

WordPress Plugin WordPress Catalog Unspecified Vulnerability (1.6.8) High

WordPress Plugin WordPress Comment Rating Cross-Site Scripting (1.5.3) CWE-79 High

WordPress Plugin WordPress Connect Cross-Site Scripting (2.0.3) CWE-79 High

WordPress Plugin WordPress Content Slide Multiple Vulnerabilities (1.4.2) CVE-2013-2708 CWE-79 CWE-352 High

WordPress Plugin WordPress Download Manager 'cid' Parameter Cross-Site Scripting (2.2.2) CWE-79 High

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.5.8) CVE-2013-7319 CWE-79 High

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.7.94) CWE-79 High

WordPress Plugin WordPress Download Manager Directory Traversal (2.6.95) CVE-2014-8585 CWE-22 High

WordPress Plugin WordPress Download Manager Multiple Security Bypass Vulnerabilities (2.6.92) CWE-284 High

WordPress Plugin WordPress Download Manager Multiple Vulnerabilities (2.8.7) CWE-264 CWE-538 High

WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4) CWE-94 High

WordPress Plugin WordPress Download Manager Security Bypass (2.7.2) CVE-2014-9260 CWE-264 High

WordPress Plugin WordPress Event Calendar Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.3.0) CWE-79 CWE-89 High

WordPress Plugin WordPress Event Calendar SQL Injection (1.4.9) CVE-2015-2196 CWE-89 High

WordPress Plugin WordPress Facebook Multiple Cross-Site Scripting Vulnerabilities (1.0.10) CVE-2015-1582 CWE-79 High

WordPress Plugin WordPress Facebook SQL Injection (1.0.8) CWE-89 High

WordPress Plugin WordPress File Upload Arbitrary File Upload (3.4.0) CWE-434 High

WordPress Plugin WordPress File Upload Cross-Site Request Forgery (2.4.1) CVE-2014-5199 CWE-352 High

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6) CWE-79 CWE-200 CWE-352 CWE-434 High

WordPress Plugin WordPress Gallery Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin WordPress Landing Pages Cross-Site Scripting (1.8.5) CWE-79 High

WordPress Plugin WordPress Landing Pages Cross-Site Scripting (1.8.7) CWE-79 High

WordPress Plugin WordPress Landing Pages Multiple Unspecified Vulnerabilities (1.7.8) High

WordPress Plugin WordPress Landing Pages Multiple Vulnerabilities (1.8.4) CVE-2015-4064 CVE-2015-4065 CWE-79 CWE-89 High

WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0) CVE-2015-5227 CWE-94 High

WordPress Plugin WordPress Landing Pages SQL Injection (1.2.1) CVE-2013-6243 CWE-89 High

WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (1.8.1) High

WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.0.2) High

WordPress Plugin WordPress Leads Cross-Site Scripting (1.6.2) CWE-79 High

WordPress Plugin WordPress Leads Unspecified Vulnerability (1.6.8) High

WordPress Plugin WordPress Meta Robots SQL Injection (2.1) CWE-89 High

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1) CVE-2014-5337 CWE-264 High

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2) CWE-200 High

WordPress Plugin WordPress Poll Cross-Site Request Forgery (34.05) CWE-352 High

WordPress Plugin WordPress Poll Multiple SQL Injection Vulnerabilities (33.5) CWE-89 High

WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04) CVE-2013-1400 CVE-2013-1401 CWE-89 CWE-264 High

WordPress Plugin WordPress Poll Multiple Unspecified Vulnerabilities (35.0) High

WordPress Plugin WordPress PopUp Cross-Site Scripting (4.7.0.5) CWE-79 High

WordPress Plugin WordPress Popular Posts Cross-Site Scripting (3.3.2) CWE-79 High

WordPress Plugin WordPress Related Posts Cross-Site Request Forgery (2.6.1) CVE-2013-3476 CWE-352 High

WordPress Plugin WordPress Responsive Preview Cross-Site Scripting (1.1) CVE-2014-4594 CWE-79 High

WordPress Plugin WordPress SEO by Yoast Cross-Site Scripting (2.0.1) CWE-79 High

WordPress Plugin WordPress SEO by Yoast Cross-Site Scripting (2.1.1) CVE-2012-6692 CWE-79 High

WordPress Plugin WordPress SEO by Yoast SQL Injection (1.7.3.3) CVE-2015-2292 CWE-89 High

WordPress Plugin WordPress SEO by Yoast Security Bypass (1.4.6) CWE-264 High

WordPress Plugin WordPress Sentinel Multiple Vulnerabilities (1.0.0) CVE-2011-5224 CVE-2011-5225 CVE-2011-5226 CWE-79 CWE-89 CWE-352 High

WordPress Plugin WordPress Shopping Cart Arbitrary File Upload (3.0.8) CVE-2014-9308 CWE-434 High

WordPress Plugin WordPress Shopping Cart Information Disclosure (2.0.5) CVE-2014-4942 CWE-200 High

WordPress Plugin WordPress Shopping Cart Multiple Security Bypass Vulnerabilities (3.0.20) CVE-2015-2673 CWE-264 High

WordPress Plugin WordPress Simple Paypal Shopping Cart Cross-Site Request Forgery (3.5) CVE-2013-2705 CWE-352 High

WordPress Plugin WordPress Social Login Cross-Site Scripting (2.0.3) CVE-2014-4576 CWE-79 High

WordPress Plugin WordPress Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) Cross-Site Scripting (1.1.9) CWE-79 High

WordPress Plugin WordPress Store Locator SQL Injection (3.11) CVE-2014-8621 CWE-89 High

WordPress Plugin WordPress Store Locator SQL Injection (3.33.1) CWE-89 High

WordPress Plugin WordPress Survey & Poll SQL Injection (1.1.91) CVE-2015-2090 CWE-89 High

WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3) CVE-2011-4669 CWE-89 High

WordPress Plugin WordPress Video Player Cross-Site Scripting (1.5.1) CVE-2014-8584 CWE-79 High

WordPress Plugin WordPress Video Player Multiple Vulnerabilities (1.5.4) CWE-79 CWE-352 High

WordPress Plugin WordPress prettyPhoto Cross-Site Scripting (1.1) CWE-79 High

WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0) CVE-2015-4703 CWE-538 High

WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0) CWE-79 High

WordPress Plugin WordPress-Amazon-Associate (WPAA) Multiple Cross-Site Scripting Vulnerabilities (1.7.3) CWE-79 High

WordPress Plugin Wordfence Security Cross-Site Scripting (3.3.5) CWE-79 High

WordPress Plugin Wordfence Security Cross-Site Scripting (3.8.1) CWE-79 High

WordPress Plugin Wordfence Security Cross-Site Scripting (3.8.6) CWE-79 High

WordPress Plugin Wordfence Security Cross-Site Scripting (5.1.2) CVE-2014-4664 CWE-79 High

WordPress Plugin Wordfence Security Cross-Site Scripting (5.1.4) CVE-2014-4932 CWE-79 High

WordPress Plugin Wordfence Security Cross-Site Scripting (5.2.2) CWE-79 High

WordPress Plugin Wordfence Security Cross-Site Scripting (6.0.21) CWE-79 High

WordPress Plugin Wordfence Security Multiple Vulnerabilities (5.2.3) CWE-79 CWE-693 High

WordPress Plugin Wordfence Security Multiple Vulnerabilities (5.2.4) CWE-79 CWE-264 High

WordPress Plugin Wordfence Security Unspecified Vulnerability (5.3.2) High

WordPress Plugin Wordspew 'id' Parameter SQL Injection (1.16) CVE-2008-0682 CWE-89 High

WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1) CWE-434 High

WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.5.2) CWE-434 High

WordPress Plugin World of Warcraft-Armory Table Cross-Site Scripting (0.2.5) CWE-79 High

WordPress Plugin Wow Moodboard Lite Open Redirect (1.1.1.1) CVE-2015-4070 CWE-601 High

WordPress Plugin Wp Multiple Meta Box SQL Injection (1.0.0) CWE-89 High

WordPress Plugin Wp-FileManager 'ajaxfilemanager.php' Arbitrary File Upload (1.2) CVE-2008-0222 CWE-94 High

WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3) CWE-22 High

WordPress Plugin Wp-ImageZoom SQL Injection (1.0.7) CWE-89 High

WordPress Plugin WpPygments Multiple Cross-Site Scripting Vulnerabilities (0.3.2) CVE-2013-1808 CWE-79 High

WordPress Plugin Wpshop-eCommerce Arbitrary File Upload (1.3.9.5) CWE-434 High

WordPress Plugin Wu-Rating Cross-Site Scripting (1.0 12319) CVE-2014-4601 CWE-79 High

WordPress Plugin Wysija Newsletters SQL Injection (2.2) CVE-2013-1408 CWE-89 High

WordPress Plugin XCloner-Backup and Restore 'config' Parameter Local File Inclusion (3.0.3) CWE-22 High

WordPress Plugin XCloner-Backup and Restore 'mosmsg' and 'option' Parameters Cross-Site Scripting Vulnerabilities (3.0) CWE-79 High

WordPress Plugin XCloner-Backup and Restore Cross-Site Request Forgery (3.1.0) CVE-2014-2340 CWE-352 High

WordPress Plugin XCloner-Backup and Restore Cross-Site Scripting (3.1.2) CWE-79 High

WordPress Plugin XCloner-Backup and Restore Multiple Vulnerabilities (3.1.1) CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607 CVE-2014-8813 CWE-22 CWE-78 CWE-200 High

WordPress Plugin XCloner-Backup and Restore Multiple Vulnerabilities (3.1.2) CVE-2015-4336 CVE-2015-4337 CVE-2015-4338 CWE-79 CWE-94 High

WordPress Plugin XEN Carousel Multiple Cross-Site Scripting Vulnerabilities (0.12.2) CVE-2014-4602 CWE-79 High

WordPress Plugin XML Sitemap & Google News feeds Cross-Site Scripting (3.9) CWE-79 High

WordPress Plugin XML Sitemap & Google News feeds Cross-Site Scripting (4.5) CWE-79 High

WordPress Plugin XVE Various Embed Multiple Cross-Site Scripting Vulnerabilities (1.0.3) CWE-79 High

WordPress Plugin Xerte Online 'save.php' Arbitrary File Upload (0.32) CWE-434 High

WordPress Plugin Xhanch-My Twitter Cross-Site Request Forgery (2.7.6) CVE-2013-3253 CWE-352 High

WordPress Plugin Xhanch-My Twitter Multiple Cross-Site Request Forgery Vulnerabilities (2.7.7) CWE-352 High

WordPress Plugin Xorbin Analog Flash Clock Cross-Site Scripting (1.0) CVE-2013-4692 CWE-79 High

WordPress Plugin Xorbin Digital Flash Clock Cross-Site Scripting (1.0) CVE-2013-4693 CWE-79 High

WordPress Plugin YAWPP (Yet Another WordPress Petition Plugin) SQL Injection (1.2) CVE-2014-5182 CWE-89 High

WordPress Plugin YITH Maintenance Mode Cross-Site Scripting (1.1.4) CWE-79 High

WordPress Plugin YITH WooCommerce Ajax Search Unspecified Vulnerability (1.2.7) High

WordPress Plugin YITH WooCommerce Wishlist Unspecified Vulnerability (2.0.6) High

WordPress Plugin YITH WooCommerce Zoom Magnifier Cross-Site Scripting (1.1.8) CWE-79 High

WordPress Plugin YOP Poll Cross-Site Scripting (5.7.3) CWE-79 High

WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (4.9.1) CWE-79 High

WordPress Plugin YOP Poll Unspecified Vulnerability (5.7.7) High

WordPress Plugin YT-Audio:Audio Hosting From YouTube in WordPress 'v' Parameter Cross-Site Scripting (1.7) CWE-79 High

WordPress Plugin Yahoo! Updates for WordPress Multiple Cross-Site Scripting Vulnerabilities (1.0) CVE-2014-4603 CWE-79 High

WordPress Plugin Yasr-Yet Another Stars Rating SQL Injection (0.9.0) CWE-89 High

WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (0.9.1) High

WordPress Plugin Yet Another Photoblog Unspecified Vulnerability (1.10.6) High

WordPress Plugin Yet Another Related Posts (YARPP) Multiple Vulnerabilities (4.2.4) CWE-79 CWE-352 High

WordPress Plugin YouSayToo auto-publishing 'submit' Parameter Cross-Site Scripting (1.0.1) CVE-2012-0901 CWE-79 High

WordPress Plugin YouTube Advanced by Embed Plus Cross-Site Scripting (5.3) CWE-79 High

WordPress Plugin YouTube Embed Cross-Site Scripting (3.3.2) CVE-2015-6535 CWE-79 High

WordPress Plugin Your Text Manager Cross-Site Scripting (0.3.0) CVE-2014-4604 CWE-79 High

WordPress Plugin Z-Vote 'zvote' Parameter SQL Injection (1.1) CWE-89 High

WordPress Plugin ZdStatistics Cross-Site Scripting (2.0.1) CVE-2014-4605 CWE-79 High

WordPress Plugin Zedity Now Creating your Content is Super Easy! Cross-Site Scripting (2.5.0) CWE-79 High

WordPress Plugin ZeenShare Cross-Site Scripting (1.0.1) CVE-2014-4606 CWE-79 High

WordPress Plugin Zingiri Web Shop 'abspath' Parameter Remote File Include (2.4.6) CWE-94 High

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3) CWE-95 High

WordPress Plugin Zingiri Web Shop 'uploadfilexd.php' Arbitrary File Upload (2.4.3) CWE-434 High

WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0) CWE-94 High

WordPress Plugin Zingiri Web Shop Cookie Multiple SQL Injection Vulnerabilities (2.4.7) CWE-89 High

WordPress Plugin Zingiri Web Shop Cross-Site Scripting (2.4.2) CWE-79 High

WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting Vulnerabilities (2.4.1) CVE-2012-6506 CWE-79 High

WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (2.3.5) CWE-79 CWE-89 High

WordPress Plugin Zingiri Web Shop Unspecified Vulnerability (2.6.5) High

WordPress Plugin Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694 CWE-538 High

WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01) CVE-2011-5180 CWE-79 High

WordPress Plugin ZoomSounds-WordPress Audio Player Arbitrary File Upload (2.0) CWE-434 High

WordPress Plugin Zopim Live Chat Cross-Site Scripting (1.2.5) CVE-2013-1808 CWE-79 High

WordPress Plugin Zopim Live Chat Unspecified Vulnerability (1.3.9) High

WordPress Plugin Zotpress 'citation' Parameter Cross-Site Scripting (2.6.1) CWE-79 High

WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4) CWE-89 High

WordPress Plugin arcResBookingWidget Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High

WordPress Plugin bSuite Cross-Site Scripting (4.0.7) CVE-2011-4955 CWE-79 High

WordPress Plugin bbPress Cross-Site Scripting (2.5.6) CWE-79 High

WordPress Plugin bib2html Cross-Site Scripting (0.9.3) CVE-2014-3870 CWE-79 High

WordPress Plugin cdnvote 'cdnvote-post.php' Multiple SQL Injection Vulnerabilities (0.4.1) CVE-2011-5308 CWE-89 High

WordPress Plugin cformsII 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities (13.1) CVE-2010-3977 CWE-79 High

WordPress Plugin cformsII-contact form Arbitrary File Upload (14.7) CVE-2014-9473 CWE-434 High

WordPress Plugin church_admin 'id' Parameter Cross-Site Scripting (0.33.4.5) CWE-79 High

WordPress Plugin church_admin Cross-Site Scripting (0.800) CVE-2015-4127 CWE-79 High

WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46) CWE-22 High

WordPress Plugin dsIDXpress IDX Cross-Site Scripting (2.1.0) CVE-2014-4521 CWE-79 High

WordPress Plugin dsSearchAgent:WordPress Edition Cross-Site Scripting (1.0-beta10) CVE-2014-4522 CWE-79 High

WordPress Plugin eBay Feeds for WordPress Cross-Site Scripting (1.0) CVE-2014-4525 CWE-79 High

WordPress Plugin eBook download Directory Traversal (1.1) CWE-22 High

WordPress Plugin eHive Account Details Cross-Site Scripting (2.1.2) CWE-79 High

WordPress Plugin eHive Object Details Cross-Site Scripting (2.1.6) CWE-79 High

WordPress Plugin eShop Code Injection (6.3.11) CVE-2015-3421 CWE-94 High

WordPress Plugin eShop Multiple Cross-Site Scripting Vulnerabilities (6.2.8) CWE-79 High

WordPress Plugin eShop Multiple Vulnerabilities (6.3.13) CWE-79 CWE-352 High

WordPress Plugin eShop Multiple Vulnerabilities (6.3.14) CVE-2016-0765 CVE-2016-0769 CWE-79 CWE-89 High

WordPress Plugin fGallery SQL Injection (2.4.1) CVE-2008-0491 CWE-89 High

WordPress Plugin fMoblog 'id' Parameter SQL Injection (2.1) CVE-2009-0968 CWE-89 High

WordPress Plugin gSlideShow Cross-Site Request Forgery (0.1) CVE-2014-9391 CWE-352 High

WordPress Plugin iCopyright Toolbar 'icopyright_xml.php' SQL Injection (1.1.4) CWE-89 High

WordPress Plugin iFrame Admin Pages 'url' Parameter Cross-Site Scripting (0.1) CWE-79 High

WordPress Plugin iMember360 Multiple Vulnerabilities (3.9.001) CVE-2014-3842 CVE-2014-3848 CVE-2014-3849 CVE-2014-8948 CVE-2014-8949 CWE-79 CWE-94 CWE-264 High

WordPress Plugin iQ Block Country Cross-Site Scripting (1.1.19) CWE-79 High

WordPress Plugin iSlidex TimThumb Arbitrary File Upload (2.7) CVE-2011-4106 CWE-20 High

WordPress Plugin iThemes Exchange:Simple WP Ecommerce Cross-Site Scripting (1.11.18) CWE-79 High

WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0) CWE-94 High

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.2.4) CVE-2012-4263 CWE-79 High

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.5.3) CWE-79 High

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (4.6.12) CWE-79 High

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1) CWE-200 High

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Cross-Site Scripting Vulnerabilities (3.4.3) CWE-79 High

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3) CWE-79 CWE-200 High

WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0) CWE-219 CWE-330 High

WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5) CWE-264 High

WordPress Plugin iTwitter Multiple Vulnerabilities (0.04) CVE-2014-9336 CWE-79 CWE-352 High

WordPress Plugin iframe Cross-Site Scripting (3.0) CWE-79 High

WordPress Plugin iframe Cross-Site Scripting (4.0) CWE-79 High

WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2) CWE-95 High

WordPress Plugin jQuery Mega Menu Widget 'skin' Parameter Local File Include (1.0) CWE-22 High

WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1) CWE-22 High

WordPress Plugin jRSS Widget Server-Side Request Forgery (1.2) CVE-2014-9292 CWE-918 High

WordPress Plugin jcwp youtube channel embed Cross-Site Scripting (1.5.2) CWE-79 High

WordPress Plugin kk Star Ratings 'root' Parameter Remote File Include (1.7) CWE-94 High

WordPress Plugin kk Star Ratings Security Bypass (2.3.1) CWE-264 High

WordPress Plugin lasTunes Cross-Site Scripting (3.6.1) CWE-79 High

WordPress Plugin leenk.me Multiple Vulnerabilities (2.5.0) CWE-79 CWE-352 High

WordPress Plugin mTouch Quiz Multiple Vulnerabilities (3.0.6) CVE-2014-100022 CVE-2014-100023 CWE-79 CWE-89 High

WordPress Plugin mTouch Quiz Multiple Vulnerabilities (3.1.2) CWE-79 CWE-352 High

WordPress Plugin mb.YTPlayer for background videos Unspecified Vulnerability (1.7.2) High

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Cross-Site Scripting Vulnerabilities (1.3.8) CWE-79 High

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Vulnerabilities (1.6.0) CWE-22 CWE-79 High

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Vulnerabilities (1.7.6) CVE-2016-0796 CWE-287 CWE-441 High

WordPress Plugin mklasen's Photobox Cross-Site Scripting (1.0) CWE-79 High

WordPress Plugin myEASYbackup 'dwn_file' Parameter Directory Traversal (1.0.8.1) CVE-2012-0898 CWE-22 High

WordPress Plugin myFlash Remote File Include (1.10) CVE-2007-2485 CWE-94 High

WordPress Plugin myGallery Remote File Include (1.4b4) CVE-2007-2426 CWE-94 High

WordPress Plugin myLinksDump 'url' Parameter SQL Injection (1.2) CVE-2010-2924 CWE-89 High

WordPress Plugin mySTAT 'mystat.php' SQL Injection (2.6) CWE-89 High

WordPress Plugin myTreasures Cross-Site Scripting (2.4.10) CWE-79 High

WordPress Plugin mywebcounter Cross-Site Scripting (1.1) CWE-79 High

WordPress Plugin oQey Gallery 'gal_id' Parameter SQL Injection (0.4.8) CWE-89 High

WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2) CWE-79 High

WordPress Plugin oQey Headers 'oqey_settings.php' SQL Injection (0.3) CWE-89 High

WordPress Plugin open-flash-chart-core Remote Code Execution (0.4) CVE-2009-4140 CWE-434 High

WordPress Plugin podPress Cross-Site Scripting (8.8.10.13) CVE-2013-2714 CWE-79 High

WordPress Plugin post highlights 'ph_settings.php' SQL Injection (2.2) CWE-89 High

WordPress Plugin post highlights Cross-Site Scripting (2.6) CVE-2014-8087 CWE-79 High

WordPress Plugin post-views Cross-Site Scripting (2.6.1.1) CWE-79 High

WordPress Plugin qTranslate Cross-Site Request Forgery (2.5.34) CVE-2013-3251 CWE-352 High

WordPress Plugin qTranslate Cross-Site Scripting (2.5.39) CVE-2015-5535 CWE-79 High

WordPress Plugin qTranslate X Cross-Site Scripting (3.4.3) CWE-79 High

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.10.1) CWE-79 High

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.7.38) CWE-79 High

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress SQL Injection (3.7.39) CWE-89 High

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Unspecified Vulnerability (3.7.18) High

WordPress Plugin s2Member Framework 's2_invoice' Parameter Remote Security Bypass (111105) CWE-264 High

WordPress Plugin s2Member Pro 'Coupon Code' Field HTML Injection (111216) CVE-2011-5082 CWE-79 High

WordPress Plugin s2member Secure File Browser Cross-Site Scripting (0.4.16) CWE-79 High

WordPress Plugin sourceAFRICA Cross-Site Scripting (0.1.3) CVE-2015-6920 CWE-79 High

WordPress Plugin stripShow SQL Injection (2.5.2) CVE-2014-5184 CWE-89 High

WordPress Plugin twimp-wp-twitter multi publisher Cross-Site Request Forgery (0.1) CVE-2014-9397 CWE-352 High

WordPress Plugin twitterDash Cross-Site Request Forgery (2.1) CVE-2014-9368 CWE-352 High

WordPress Plugin uCan Post Multiple HTML Injection Vulnerabilities (1.0.09) CWE-79 High

WordPress Plugin underConstruction Cross-Site Request Forgery (1.08) CVE-2013-2699 CWE-352 High

WordPress Plugin vSlider Multi Image Slider for WordPress Arbitrary File Upload (4.1.2) CWE-434 High

WordPress Plugin verwei.se-WordPress-Twitter Cross-Site Scripting (1.0.2) CVE-2014-4566 CWE-79 High

WordPress Plugin wordpress responsive thumbnail slider Arbitrary File Upload (1.0) CWE-434 High

WordPress Plugin wordpress vertical image slider Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High

WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1) CWE-434 High

WordPress Plugin wp audio gallery playlist 'playlist.php' SQL Injection (0.12) CWE-89 High

WordPress Plugin wp superb Slideshow 'upload.php' Arbitrary File Upload (2.2) CWE-434 High

WordPress Plugin wp superb Slideshow Information Disclosure (2.4) CWE-200 High

WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0) CWE-22 High

WordPress Plugin wp-championship SQL Injection (5.8) CVE-2015-5308 CWE-89 High

WordPress Plugin wp-easybooking Cross-Site Scripting (1.0.3) CVE-2014-4584 CWE-79 High

WordPress Plugin wp-football Multiple Cross-Site Scripting Vulnerabilities (1.1) CVE-2014-4586 CWE-79 High

WordPress Plugin wp-microblogs Cross-Site Scripting (0.4.0) CVE-2014-4590 CWE-79 High

WordPress Plugin wp-picasa-image Cross-Site Scripting (1.0) CVE-2014-4591 CWE-79 High

WordPress Plugin wp-tmkm-amazon Cross-Site Scripting (1.5b) CVE-2014-4598 CWE-79 High

WordPress Plugin wpCommentTwit Cross-Site Request Forgery (0.5) CVE-2014-9340 CWE-352 High

WordPress Plugin wpDataTables Arbitrary File Upload (1.5.3) CWE-94 High

WordPress Plugin wpDataTables SQL Injection (1.5.3) CVE-2014-9175 CWE-89 High

WordPress Plugin wpStoreCart 'upload.php' Arbitrary File Upload (2.5.29) CVE-2012-3576 CWE-434 High

WordPress Plugin wpcu3er 'ajaxReq.php' Arbitrary File Upload (0.55) CWE-434 High

WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3) CWE-538 High

WordPress Plugin xPinner Lite Multiple Vulnerabilities (2.2) CWE-79 CWE-352 High

WordPress Plugin yURL ReTwitt Cross-Site Request Forgery (1.4) CVE-2014-9341 CWE-352 High

WordPress Plugin yolink Search for WordPress 'bulkcrawl.php' SQL Injection (1.1.4) CWE-89 High

WordPress Plugin yolink Search for WordPress Cross-Site Scripting (2.5) CWE-79 High

WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9) CVE-2015-4153 CVE-2015-4465 CWE-22 CWE-79 High

WordPress Plugin zeList Directory Cross-Site Scripting (0.5.11.07) CWE-79 High

WordPress User-Agent SQL Injection Vulnerability (1.5.2 - 1.5.2) CVE-2006-1012 CWE-89 High

WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079 CWE-200 High

WordPress XML-RPC authentication brute force CWE-521 Medium

WordPress admin accessible without HTTP authentication CWE-16 Low

WordPress caching plugins PHP code execution CVE-2013-2010 CWE-95 High

WordPress database credentials disclosure CWE-538 Medium

WordPress debug mode CWE-200 High

WordPress default administrator account CWE-16 Low

WordPress full path disclosure CWE-200 Low

WordPress pingback scanner CVE-2013-0235 CWE-918 Medium

WordPress plugin All in One SEO Pack privilege escalation vulnerabilities CWE-269 High

WordPress plugin Custom Contact Forms critical vulnerability CWE-287 High

WordPress plugin Slider Revolution arbitrary file disclosure CWE-200 High

WordPress plugin WPtouch insecure nonce generation CWE-287 High

WordPress readme.html file CWE-16 Informational

WordPress user registration enabled CWE-16 Informational

WordPress username enumeration CWE-200 Medium

X-Forwarded-For HTTP header security bypass CWE-287 High

XDMCP service running CWE-16 Low

XML external entity injection CWE-611 High

XML external entity injection and XML injection CWE-611 High

XML quadratic blowup denial of service attack CWE-400 High

XPath injection vulnerability CWE-643 High

XSLT injection CWE-91 High

XSS on Apache HTTP Server 413 error pages via malformed HTTP method CVE-2007-6203 CWE-79 Medium

YUI uploader.swf cross site scripting CVE-2013-6780 CWE-79 High

You are using an old version of Typo3 CWE-16 Medium

Your SSL certificate is about to expire CWE-298 Low

Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack CWE-611 High

Zabbix SQL injection CVE-2013-5743 CWE-89 High

Zend Framework local file disclosure via XXE injection CVE-2012-3363 CWE-611 High

Zend framework configuration file information disclosure CWE-538 High

apc.php page found CWE-538 Medium

elmah.axd information disclosure CWE-16 Medium

jQuery cross site scripting CVE-2011-4969 CWE-79 High

lighttpd v1.4.34 SQL injection and path traversal CVE-2014-2323 CVE-2014-2324 CWE-89 High

nginx SPDY heap buffer overflow CVE-2014-0133 CWE-122 High

phpLiteAdmin default password CWE-16 High

phpMoAdmin remote code execution CWE-95 High

phpMyAdmin SQL dump CWE-538 Medium

phpMyAdmin v3.5.2.2 backdoor CVE-2012-5159 CWE-95 High

phpThumb() fltr[] parameter command injection vulnerability CVE-2010-1598 CWE-20 High

timthumb.php remote code execution CVE-2011-4106 CWE-20 High

vBSEO 3.6.0 PHP code injection CVE-2012-5223 CWE-94 High

vBulletin 4 (up to 4.1.2) search.php SQL injection CWE-89 High

vBulletin 5 CONNECT remote code execution CWE-94 High

vBulletin 5.1.2 SQL injection CVE-2014-5102 CWE-89 High

vBulletin PHP object injection vulnerability CWE-915 High

vBulletin customer number disclosure CVE-2013-6129 CWE-264 High

web.xml configuration file disclosure CWE-538 High

webadmin.php script CWE-16 High
