Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15836 | 1 Bootstrapped | 1 Wp Ultimate Recipe | 2019-09-04 | 3.5 LOW | 5.4 MEDIUM |
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | |||||
CVE-2019-15700 | 1 Frappe | 1 Frappe | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | |||||
CVE-2015-9375 | 1 Ithemes | 1 Table Rate Shipping | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
CVE-2019-15074 | 1 Mantisbt | 1 Mantisbt | 2019-09-04 | 6.8 MEDIUM | 9.6 CRITICAL |
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. | |||||
CVE-2015-9373 | 1 Webdevstudios | 1 Ithemes Paypal Pro | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
CVE-2015-9366 | 1 Ithemes | 1 Custom Url Tracking | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
CVE-2015-9370 | 1 Ithemes | 1 Invoices | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
CVE-2015-9371 | 1 Ithemes | 1 Manual Purchases | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
CVE-2015-9372 | 1 Ithemes | 1 Membership | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
CVE-2019-15837 | 1 Bitwise-it | 1 Webp Express | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
The webp-express plugin before 0.14.8 for WordPress has stored XSS. | |||||
CVE-2019-15777 | 1 Shapepress | 1 Wp Dsgvo Tools | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. | |||||
CVE-2015-9374 | 1 Ithemes | 1 Stripe | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
CVE-2019-15829 | 1 Greentreelabs | 1 Gallery Photoblocks | 2019-09-03 | 3.5 LOW | 4.8 MEDIUM |
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | |||||
CVE-2019-15827 | 1 Onesignal | 1 Onesignal-free-web-push-notifications | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | |||||
CVE-2018-15510 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2019-12754 | 1 Symantec | 1 Vip | 2019-09-03 | 3.5 LOW | 4.8 MEDIUM |
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | |||||
CVE-2018-15511 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2019-15864 | 1 Holest | 1 Breadcrumbs By Menu | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. | |||||
CVE-2018-15512 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2019-15870 | 1 Carspot Project | 1 Carspot | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. | |||||