Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-36850

    Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and me...

    • EPSS Score: 0.10%
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36849

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress....

    Affected Products : social_media_share_buttons
    • EPSS Score: 0.73%
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36848

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4...

    Affected Products : social_media_feather
    • EPSS Score: 0.32%
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36847

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress....

    Affected Products : webba_booking
    • EPSS Score: 0.34%
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36846

    Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3...

    Affected Products : chaty
    • EPSS Score: 0.32%
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.9

    MEDIUM
    CVE-2021-36845

    Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable...

    Affected Products : yith_maintenance_mode
    • EPSS Score: 1.16%
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36844

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress....

    Affected Products : wp_subscribe
    • EPSS Score: 0.32%
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36843

    Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin....

    Affected Products : floating_social_media_icon
    • EPSS Score: 0.30%
    • Published: Nov. 26, 2021
    • Modified: Nov. 21, 2024
  • 6.9

    MEDIUM
    CVE-2021-36841

    Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress conf...

    Affected Products : yith_maintenance_mode
    • EPSS Score: 0.36%
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36839

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress....

    Affected Products : social_media_follow_buttons_bar
    • EPSS Score: 0.14%
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36833

    Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress....

    Affected Products : mailchimp_for_wordpress
    • EPSS Score: 0.48%
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-36832

    WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input....

    Affected Products : icegram_engage
    • EPSS Score: 0.18%
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36830

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress....

    Affected Products : comment_guestbook
    • EPSS Score: 0.14%
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36829

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 at WordPress....

    Affected Products : launcher
    • EPSS Score: 0.18%
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36828

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions....

    Affected Products : wp_maintenance
    • EPSS Score: 0.32%
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2021-36827

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label"....

    Affected Products : ninja_forms
    • EPSS Score: 0.20%
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-36826

    Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions....

    Affected Products : wp_project_manager
    • EPSS Score: 0.23%
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2021-36823

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS. This issue affects AGCA - Absolutely Glamorous Custom Admin (WordPre...

    Affected Products : absolutely_glamorous_custom_admin
    • EPSS Score: 0.21%
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2021-36821

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS. This issue affects Forminator: from n/a through 1.14.11....

    Affected Products : forminator
    • EPSS Score: 0.07%
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-36809

    A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client....

    Affected Products : ssl_vpn_client
    • EPSS Score: 0.05%
    • Published: Mar. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291737 Results