CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1901 CVE-2015-9348 20 2019-08-27 2019-08-29
5.0
None Remote Low Not required Partial None None
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
1902 CVE-2015-9347 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.
1903 CVE-2015-9346 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The cp-polls plugin before 1.0.5 for WordPress has XSS.
1904 CVE-2015-9345 20 Http R.Spl. 2019-08-27 2019-08-28
5.0
None Remote Low Not required None Partial None
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.
1905 CVE-2015-9344 89 Sql 2019-08-27 2019-09-04
7.5
None Remote Low Not required Partial Partial Partial
The link-log plugin before 2.1 for WordPress has SQL injection.
1906 CVE-2015-9343 352 CSRF 2019-08-27 2019-08-29
6.8
None Remote Medium Not required Partial Partial Partial
The wp-rollback plugin before 1.2.3 for WordPress has CSRF.
1907 CVE-2015-9342 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The wp-rollback plugin before 1.2.3 for WordPress has XSS.
1908 CVE-2015-9341 434 2019-08-22 2019-08-29
5.0
None Remote Low Not required None Partial None
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
1909 CVE-2015-9340 434 2019-08-22 2019-08-29
5.0
None Remote Low Not required None Partial None
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
1910 CVE-2015-9339 434 2019-08-22 2019-08-29
5.0
None Remote Low Not required None Partial None
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
1911 CVE-2015-9338 434 2019-08-22 2019-08-29
5.0
None Remote Low Not required None Partial None
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
1912 CVE-2015-9337 284 2019-08-22 2019-08-26
5.0
None Remote Low Not required None Partial None
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
1913 CVE-2015-9336 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
1914 CVE-2015-9335 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
1915 CVE-2015-9334 89 Sql 2019-08-22 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
1916 CVE-2015-9333 89 Sql 2019-08-22 2019-09-30
7.5
None Remote Low Not required Partial Partial Partial
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
1917 CVE-2015-9332 352 CSRF 2019-08-20 2019-08-22
5.8
None Remote Medium Not required None Partial Partial
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
1918 CVE-2015-9331 254 2019-08-20 2019-08-22
5.0
None Remote Low Not required None Partial None
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
1919 CVE-2015-9330 89 Sql 2019-08-20 2019-08-22
7.5
None Remote Low Not required Partial Partial Partial
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
1920 CVE-2015-9329 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
1921 CVE-2015-9328 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The profile-builder plugin before 2.2.5 for WordPress has XSS.
1922 CVE-2015-9327 79 XSS 2019-08-21 2019-08-23
4.3
None Remote Medium Not required None Partial None
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.
1923 CVE-2015-9326 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
1924 CVE-2015-9325 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The visitors-online plugin before 0.4 for WordPress has SQL injection.
1925 CVE-2015-9324 89 Sql 2019-08-16 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
1926 CVE-2015-9323 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
1927 CVE-2015-9322 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.
1928 CVE-2015-9321 79 XSS 2019-08-21 2019-08-21
4.3
None Remote Medium Not required None Partial None
The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.
1929 CVE-2015-9320 79 XSS 2019-08-20 2019-08-25
4.3
None Remote Medium Not required None Partial None
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
1930 CVE-2015-9319 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.
1931 CVE-2015-9318 254 2019-08-20 2019-08-22
5.0
None Remote Low Not required None Partial None
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
1932 CVE-2015-9317 79 XSS 2019-08-20 2019-08-21
4.3
None Remote Medium Not required None Partial None
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.
1933 CVE-2015-9316 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
1934 CVE-2015-9315 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
1935 CVE-2015-9314 79 XSS 2019-08-14 2019-08-16
4.3
None Remote Medium Not required None Partial None
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
1936 CVE-2015-9313 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
1937 CVE-2015-9312 79 XSS 2019-08-14 2019-08-16
4.3
None Remote Medium Not required None Partial None
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
1938 CVE-2015-9311 79 XSS 2019-08-14 2019-08-16
4.3
None Remote Medium Not required None Partial None
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.
1939 CVE-2015-9310 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
1940 CVE-2015-9309 352 CSRF 2019-08-14 2020-03-09
6.8
None Remote Medium Not required Partial Partial Partial
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
1941 CVE-2015-9308 352 CSRF 2019-08-14 2020-03-09
6.8
None Remote Medium Not required Partial Partial Partial
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
1942 CVE-2015-9307 352 CSRF 2019-08-14 2020-03-09
6.8
None Remote Medium Not required Partial Partial Partial
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
1943 CVE-2015-9306 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
1944 CVE-2015-9305 79 XSS 2019-08-12 2019-08-15
4.3
None Remote Medium Not required None Partial None
The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.
1945 CVE-2015-9304 79 XSS 2019-08-12 2020-03-09
4.3
None Remote Medium Not required None Partial None
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
1946 CVE-2015-9303 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.
1947 CVE-2015-9302 79 XSS 2019-08-13 2020-03-13
4.3
None Remote Medium Not required None Partial None
The simple-fields plugin before 1.4.11 for WordPress has XSS.
1948 CVE-2015-9301 89 Sql 2019-08-13 2019-09-09
7.5
None Remote Low Not required Partial Partial Partial
The liveforms plugin before 3.2.0 for WordPress has SQL injection.
1949 CVE-2015-9300 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.
1950 CVE-2015-9299 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 (This Page)40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.