Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-10954

    The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.

    Affected Products : neosense
    • EPSS Score: 0.84%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-10953

    The Headway theme before 3.8.9 for WordPress has XSS via the license key field.

    Affected Products : headway
    • EPSS Score: 0.16%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10952

    The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.

    Affected Products : quotes_collection
    • EPSS Score: 0.24%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2016-10951

    The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.

    Affected Products : fs-shopping-cart
    • EPSS Score: 0.69%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10950

    The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.

    Affected Products : sirv
    • EPSS Score: 0.65%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10949

    The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.

    Affected Products : relevanssi
    • EPSS Score: 0.59%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2016-10948

    The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.

    Affected Products : post_indexer
    • EPSS Score: 0.84%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2016-10947

    The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.

    Affected Products : post_indexer
    • EPSS Score: 0.57%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10946

    The wp-d3 plugin before 2.4.1 for WordPress has CSRF.

    Affected Products : wp-d3
    • EPSS Score: 0.11%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10945

    The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.

    Affected Products : pagelines
    • EPSS Score: 0.20%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10944

    The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.

    Affected Products : multisite_post_duplicator
    • EPSS Score: 0.20%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2016-10943

    The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.

    Affected Products : zx-csv-upload
    • EPSS Score: 0.68%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10942

    The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.

    Affected Products : podlove_podcast_publisher
    • EPSS Score: 0.98%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10941

    The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.

    Affected Products : podlove_podcast_publisher
    • EPSS Score: 0.26%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2016-10940

    The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.

    Affected Products : zm-gallery
    • EPSS Score: 14.10%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2016-10939

    The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.

    Affected Products : xtremelocator
    • EPSS Score: 0.57%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-10938

    The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.

    Affected Products : copy-me
    • EPSS Score: 0.12%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-10937

    IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

    • EPSS Score: 0.38%
    • Published: Sep. 08, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10936

    The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.

    Affected Products : wp-polls
    • EPSS Score: 0.19%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10935

    The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.

    Affected Products : store_exporter_for_woocommerce
    • EPSS Score: 0.34%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results