Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-36854

    Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.... Read more

    • EPSS Score: %0.04
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-36852

    Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.... Read more

    Affected Products : wp_hotel_booking
    • EPSS Score: %0.14
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36851

    Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_but... Read more

    Affected Products : testimonial_slider
    • EPSS Score: %0.16
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36850

    Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and me... Read more

    • EPSS Score: %0.10
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36849

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress.... Read more

    Affected Products : social_media_share_buttons
    • EPSS Score: %0.73
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36848

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4... Read more

    Affected Products : social_media_feather
    • EPSS Score: %0.32
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36847

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.... Read more

    Affected Products : webba_booking
    • EPSS Score: %0.34
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36846

    Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3... Read more

    Affected Products : chaty
    • EPSS Score: %0.32
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-36845

    Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable... Read more

    Affected Products : yith_maintenance_mode
    • EPSS Score: %1.16
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36844

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.... Read more

    Affected Products : wp_subscribe
    • EPSS Score: %0.32
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36843

    Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.... Read more

    Affected Products : floating_social_media_icon
    • EPSS Score: %0.30
    • Published: Nov. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-36841

    Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress conf... Read more

    Affected Products : yith_maintenance_mode
    • EPSS Score: %0.36
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36839

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.... Read more

    Affected Products : social_media_follow_buttons_bar
    • EPSS Score: %0.14
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36833

    Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress.... Read more

    Affected Products : mailchimp_for_wordpress
    • EPSS Score: %0.48
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36832

    WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input.... Read more

    Affected Products : icegram_engage
    • EPSS Score: %0.18
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36830

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.... Read more

    Affected Products : comment_guestbook
    • EPSS Score: %0.14
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36829

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 at WordPress.... Read more

    Affected Products : launcher
    • EPSS Score: %0.18
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36828

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions.... Read more

    Affected Products : wp_maintenance
    • EPSS Score: %0.32
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36827

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label".... Read more

    Affected Products : ninja_forms
    • EPSS Score: %0.20
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36826

    Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions.... Read more

    Affected Products : wp_project_manager
    • EPSS Score: %0.23
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291625 Results