Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-10974

    The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.... Read more

    Affected Products : fluid-responsive-slideshow
    • EPSS Score: %0.11
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10973

    The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.... Read more

    Affected Products : brafton
    • EPSS Score: %1.32
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10972

    The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.... Read more

    Affected Products : newspaper
    • EPSS Score: %4.32
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10971

    The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.... Read more

    Affected Products : membersonic
    • EPSS Score: %0.71
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10970

    The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.... Read more

    Affected Products : supportflow
    • EPSS Score: %0.31
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10969

    The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.... Read more

    Affected Products : supportflow
    • EPSS Score: %0.26
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10968

    The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.... Read more

    Affected Products : peepso
    • EPSS Score: %0.23
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10967

    The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.... Read more

    Affected Products : real3d_flipbook
    • EPSS Score: %0.19
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10966

    The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.... Read more

    Affected Products : real3d_flipbook
    • EPSS Score: %0.36
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10965

    The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.... Read more

    Affected Products : real3d_flipbook
    • EPSS Score: %0.52
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10964

    The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.... Read more

    Affected Products : dwnldr
    • EPSS Score: %0.19
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10963

    The icegram plugin before 1.9.19 for WordPress has XSS.... Read more

    Affected Products : icegram_engage icegram_express
    • EPSS Score: %0.19
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-10962

    The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.... Read more

    Affected Products : icegram_engage icegram_express
    • EPSS Score: %0.14
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10961

    The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.... Read more

    Affected Products : colorway
    • EPSS Score: %0.19
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10960

    The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.... Read more

    Affected Products : wsecure
    • EPSS Score: %58.12
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-10959

    The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.... Read more

    Affected Products : estatik
    • EPSS Score: %0.44
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10958

    The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.... Read more

    Affected Products : estatik
    • EPSS Score: %0.59
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10957

    The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.... Read more

    Affected Products : akal
    • EPSS Score: %0.19
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10956

    The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.... Read more

    Affected Products : mail-masta
    • EPSS Score: %86.94
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10955

    The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.... Read more

    Affected Products : cysteme-finder
    • EPSS Score: %0.84
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results