| Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-1494 | 4.3 |
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as d
|
13-09-2021 - 10:46 | 17-02-2015 - 15:59 | |
| CVE-2007-1766 | 10.0 |
PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
|
16-10-2018 - 16:40 | 30-03-2007 - 00:19 | |
| CVE-2015-2218 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1)
|
03-12-2016 - 03:04 | 05-03-2015 - 16:59 | |
| CVE-2015-2071 | 4.0 |
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
|
30-11-2016 - 03:00 | 24-02-2015 - 17:59 | |
| CVE-2015-2070 | 7.5 |
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
|
30-11-2016 - 03:00 | 24-02-2015 - 17:59 | |
| CVE-2015-2199 | 6.5 |
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-a
|
04-03-2015 - 19:14 | 03-03-2015 - 19:59 |