Skip to main content
CVE-2015-2216 HIGH POC This Week

SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Photocrati
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.5%
CVE-2015-2218 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.1%.

XSS WordPress PHP Wonderplugin Audio Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.1%
CVE-2015-2220 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Ninja Forms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9688 HIGH This Week

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Ninja Forms
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-2215 MEDIUM This Month

Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Services Single Sign On Server Helper
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-2214 MEDIUM This Month

NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Netcat
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0893 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Maroyaka Relay Novel
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0892 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Maroyaka Image Album
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0891 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Maroyaka Simple Board
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy