2016 CVE Vulnerabilities

10,645 CVEs published in 2016.

CRITICAL217

2.0%

7.0%

4.5%

0.2%

86.3%

Filter:MEDIUMClear

CVE ID	Severity	CVSS	EPSS	Published	Description
CVE-2016-10996	MEDIUM	5.3	1.1%	Sep 20, 2019	The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10994	MEDIUM	6.1	1.3%	Sep 18, 2019	The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.
CVE-2016-10993	MEDIUM	5.4	2.7%	Sep 17, 2019	The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
CVE-2016-10992	MEDIUM	6.1	1.6%	Sep 17, 2019	The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from...
CVE-2016-10990	MEDIUM	6.1	1.4%	Sep 17, 2019	The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.
CVE-2016-10988	MEDIUM	6.1	1.4%	Sep 17, 2019	The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, ...
CVE-2016-10987	MEDIUM	6.1	1.4%	Sep 17, 2019	The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.
CVE-2016-10986	MEDIUM	6.1	1.4%	Sep 17, 2019	The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_...
CVE-2016-10985	MEDIUM	6.1	1.4%	Sep 17, 2019	The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
CVE-2016-10984	MEDIUM	6.1	1.4%	Sep 17, 2019	The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.
CVE-2016-10983	MEDIUM	6.5	1.5%	Sep 17, 2019	The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of e...
CVE-2016-10981	MEDIUM	6.1	1.0%	Sep 17, 2019	The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_...
CVE-2016-10980	MEDIUM	6.1	1.0%	Sep 17, 2019	The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.
CVE-2016-10979	MEDIUM	6.1	0.9%	Sep 17, 2019	The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.
CVE-2016-10977	MEDIUM	6.5	2.2%	Sep 17, 2019	The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.
CVE-2016-10976	MEDIUM	6.1	1.5%	Sep 17, 2019	The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.
CVE-2016-10975	MEDIUM	6.1	1.0%	Sep 17, 2019	The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter.
CVE-2016-10973	MEDIUM	6.1	2.0%	Sep 16, 2019	The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter...
CVE-2016-10970	MEDIUM	6.1	1.1%	Sep 16, 2019	The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.
CVE-2016-10969	MEDIUM	6.1	1.0%	Sep 16, 2019	The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.
CVE-2016-10967	MEDIUM	6.1	1.0%	Sep 16, 2019	The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks....
CVE-2016-10964	MEDIUM	6.1	1.0%	Sep 16, 2019	The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.
CVE-2016-10963	MEDIUM	6.1	0.9%	Sep 16, 2019	The icegram plugin before 1.9.19 for WordPress has XSS.
CVE-2016-10962	MEDIUM	6.5	0.6%	Sep 16, 2019	The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
CVE-2016-10961	MEDIUM	6.1	1.0%	Sep 16, 2019	The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.

Check if your code is affected by 2016 CVEs

Strix scans your code and infrastructure for known vulnerabilities automatically.

Scan your code now