Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2021-36914

    Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11.... Read more

    Affected Products : calderawp_license_manager
    • EPSS Score: %0.15
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-36913

    Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin... Read more

    Affected Products : redirection_for_contact_form_7
    • EPSS Score: %0.26
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36912

    Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.... Read more

    Affected Products : google-news-sitemap
    • EPSS Score: %0.17
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36911

    Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role.... Read more

    Affected Products : comment_engine_pro
    • EPSS Score: %0.18
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36910

    Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20.... Read more

    Affected Products : wp-appbox
    • EPSS Score: %0.32
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36909

    Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.... Read more

    Affected Products : wp_reset_pro
    • EPSS Score: %1.21
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36908

    Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions.... Read more

    Affected Products : wp_reset_pro
    • EPSS Score: %0.15
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36905

    Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.... Read more

    Affected Products : quiz_and_survey_master
    • EPSS Score: %0.08
    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36901

    Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress.... Read more

    Affected Products : age_gate
    • EPSS Score: %0.31
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36899

    Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.... Read more

    Affected Products : _page_speed_booster_project
    • EPSS Score: %0.24
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-36898

    Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.... Read more

    Affected Products : quiz_and_survey_master
    • EPSS Score: %0.18
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36896

    Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2... Read more

    Affected Products : pricing_table
    • EPSS Score: %0.32
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-36895

    Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.... Read more

    Affected Products : tripetto
    • EPSS Score: %0.33
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36893

    Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5... Read more

    Affected Products : responsive_tabs
    • EPSS Score: %0.32
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-36891

    Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings.... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.10
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36890

    Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.... Read more

    Affected Products : social_share_buttons
    • EPSS Score: %0.10
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-36889

    Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).... Read more

    • EPSS Score: %0.30
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36888

    Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.... Read more

    Affected Products : image_hover_effects
    • EPSS Score: %1.09
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36887

    Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".... Read more

    • EPSS Score: %0.11
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-36886

    Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).... Read more

    Affected Products : contact_form_7_database_addon
    • EPSS Score: %0.11
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291647 Results