Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2016-11007

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.... Read more

    Affected Products : wp-invoice
    • EPSS Score: %0.32
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-11006

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.... Read more

    Affected Products : wp-invoice
    • EPSS Score: %0.23
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-11005

    The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.... Read more

    Affected Products : instalinker
    • EPSS Score: %0.19
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-11004

    The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.... Read more

    Affected Products : monarch
    • EPSS Score: %0.20
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-11003

    The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.... Read more

    Affected Products : monarch
    • EPSS Score: %0.20
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-11002

    The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.... Read more

    Affected Products : extra
    • EPSS Score: %0.20
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-11001

    The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.... Read more

    Affected Products : user_submitted_posts
    • EPSS Score: %0.17
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-11000

    The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.... Read more

    Affected Products : ultimate_exporter
    • EPSS Score: %0.55
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10999

    The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter.... Read more

    Affected Products : goodnews
    • EPSS Score: %0.19
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10998

    The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.... Read more

    Affected Products : ocim-mp3
    • EPSS Score: %0.19
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-10997

    The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.... Read more

    Affected Products : beauty-premium
    • EPSS Score: %0.19
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-10996

    The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.... Read more

    Affected Products : optinmonster
    • EPSS Score: %0.16
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10995

    The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php.... Read more

    Affected Products : telvolution
    • EPSS Score: %0.84
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10994

    The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.... Read more

    Affected Products : truemag_theme
    • EPSS Score: %0.94
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10993

    The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.... Read more

    Affected Products : scoreme
    • EPSS Score: %6.28
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10992

    The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.... Read more

    Affected Products : music_store
    • EPSS Score: %0.26
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10991

    The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.... Read more

    Affected Products : imdb-widget
    • EPSS Score: %0.60
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10990

    The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.... Read more

    • EPSS Score: %1.19
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10989

    The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.... Read more

    Affected Products : leenk.me
    • EPSS Score: %0.24
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10988

    The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.... Read more

    Affected Products : leenk.me
    • EPSS Score: %0.24
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291794 Results