| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies custom-smilies allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 1.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect nino-social-connect allows Stored XSS.This issue affects Nino Social Connect: from n/a through <= 2.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer windows-live-writer allows Stored XSS.This issue affects Windows Live Writer: from n/a through <= 0.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget flags-widget allows Stored XSS.This issue affects Flags Widget: from n/a through <= 1.0.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox wp-sexylightbox allows Stored XSS.This issue affects WP SexyLightBox: from n/a through <= 0.5.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS.This issue affects WP-Easy Menu: from n/a through <= 0.41. |
| Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists advanced-tag-list allows Stored XSS.This issue affects Advanced Tag Lists: from n/a through <= 1.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Pressroom pressroom allows Reflected XSS.This issue affects Pressroom: from n/a through <= 7.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <= 1.0.15. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3. |
| Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Builder: from n/a through <= 1.5.7. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist lbg-audio1-html5 allows SQL Injection.This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through <= 3.5.6. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin audio4-html5 allows Blind SQL Injection.This issue affects Radio Player Shoutcast & Icecast WordPress Plugin: from n/a through <= 4.4.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS.This issue affects WordPress FlatNews Theme: from n/a through <= 5.8. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex winnex allows PHP Local File Inclusion.This issue affects Winnex: from n/a through <= 1.3.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown Pro WP Plugin circular_countdown allows SQL Injection.This issue affects CountDown Pro WP Plugin: from n/a through <= 2.7. |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal - Appointment Booking Calendar for WordPress quickcal allows Retrieve Embedded Sensitive Data.This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <= 1.0.15. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue affects CTUsers: from n/a through <= 1.0.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1. |
| Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through < 14.8.1. |
