CVE-2017-18562

The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.

Source: CVE-2017-18562

CVE-2017-18535

The smokesignal plugin before 1.2.7 for WordPress has XSS.

Source: CVE-2017-18535

CVE-2017-18559

The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.

Source: CVE-2017-18559

CVE-2017-18521

The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.

Source: CVE-2017-18521

CVE-2017-18525

The megamenu plugin before 2.4 for WordPress has XSS.

Source: CVE-2017-18525

CVE-2016-10891

The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.

Source: CVE-2016-10891

CVE-2017-18516

The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.

Source: CVE-2017-18516

CVE-2014-10377

The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.

Source: CVE-2014-10377

CVE-2012-6714

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.

Source: CVE-2012-6714

CVE-2019-11897

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.

Source: CVE-2019-11897