CVE-2015-9424
The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.
Source: CVE-2015-9424
[월:] 2019년 09월
CVE-2015-9423
CVE-2015-9423
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.
Source: CVE-2015-9423
CVE-2015-9422
CVE-2015-9422
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.
Source: CVE-2015-9422
CVE-2015-9421
CVE-2015-9421
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.
Source: CVE-2015-9421
CVE-2015-9420
CVE-2015-9420
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
Source: CVE-2015-9420
CVE-2015-9418
CVE-2015-9418
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.
Source: CVE-2015-9418
CVE-2015-9417
CVE-2015-9417
The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.
Source: CVE-2015-9417
CVE-2015-9416
CVE-2015-9416
The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.
Source: CVE-2015-9416
CVE-2015-9415
CVE-2015-9415
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.
Source: CVE-2015-9415
CVE-2015-9413
CVE-2015-9413
The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.
Source: CVE-2015-9413