Export limit exceeded: 361579 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361579 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14800 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. | ||||
| CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 6.1 Medium |
| The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | ||||
| CVE-2019-14798 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | ||||
| CVE-2019-14797 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | ||||
| CVE-2019-14796 | 1 Mq-woocommerce-products-price-bulk-edit Project | 1 Mq-woocommerce-products-price-bulk-edit | 2024-11-21 | 5.4 Medium |
| The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | ||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2024-11-21 | N/A |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | ||||
| CVE-2019-14794 | 1 Metabox | 1 Meta Box | 2024-11-21 | N/A |
| The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | ||||
| CVE-2019-14793 | 1 Metabox | 1 Meta Box | 2024-11-21 | N/A |
| The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. | ||||
| CVE-2019-14792 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | N/A |
| The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | ||||
| CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | N/A |
| The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | ||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2024-11-21 | N/A |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | ||||
| CVE-2019-14789 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A |
| The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. | ||||
| CVE-2019-14788 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 8.8 High |
| wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | ||||
| CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 5.4 Medium |
| The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | ||||
| CVE-2019-14786 | 1 Rankmath | 1 Seo | 2024-11-21 | 6.5 Medium |
| The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. | ||||
| CVE-2019-14785 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | ||||
| CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | ||||
| CVE-2019-14783 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | ||||
| CVE-2019-14782 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.5 Medium |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account. | ||||
| CVE-2019-14778 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | N/A |
| The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||||