Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2017-18585

    The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.... Read more

    Affected Products : posts_in_page
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18584

    The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.... Read more

    Affected Products : post_pay_counter post_pay_counter
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18583

    The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.... Read more

    Affected Products : post_pay_counter post_pay_counter
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18582

    The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.... Read more

    Affected Products : time_sheets
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18581

    The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.... Read more

    Affected Products : time_sheets
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18580

    The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.... Read more

    Affected Products : shortcodes_ultimate
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18579

    The corner-ad plugin before 1.0.8 for WordPress has XSS.... Read more

    Affected Products : corner_ad
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18578

    The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.... Read more

    Affected Products : crafty_social_buttons
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18577

    The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.... Read more

    Affected Products : mailchimp
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18576

    The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.... Read more

    Affected Products : event_notifier
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18575

    The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.... Read more

    Affected Products : newstatpress
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18574

    The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.... Read more

    Affected Products : ninja_forms newstatpress
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18573

    The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.... Read more

    Affected Products : simple_login_log
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18572

    The gnucommerce plugin before 1.4.2 for WordPress has XSS.... Read more

    Affected Products : gnucommerce
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18571

    The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.... Read more

    Affected Products : search_everything search_everything
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18570

    The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.... Read more

    Affected Products : cformsii
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18569

    The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.... Read more

    Affected Products : my_wp_translate
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18568

    The my-wp-translate plugin before 1.0.4 for WordPress has XSS.... Read more

    Affected Products : my_wp_translate
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18567

    The wp-all-import plugin before 3.4.6 for WordPress has XSS.... Read more

    Affected Products : wp_all_import
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18566

    The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.... Read more

    Affected Products : user_role
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293331 Results