Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2016-10929

    The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.

    Affected Products : advanced_ajax_page_loader
    • EPSS Score: %0.25
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-10928

    The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.

    Affected Products : onelogin_saml_sso
    • EPSS Score: %0.68
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-10927

    The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

    Affected Products : nelio_ab_testing
    • EPSS Score: %0.45
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-10926

    The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

    Affected Products : nelio_ab_testing
    • EPSS Score: %0.45
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10925

    The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.

    Affected Products : loginwp
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-10924

    The ebook-download plugin before 1.2 for WordPress has directory traversal.

    Affected Products : zedna_ebook_download
    • EPSS Score: %62.23
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10923

    The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.

    Affected Products : store_toolkit_for_woocommerce
    • EPSS Score: %0.34
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10922

    The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.

    Affected Products : store_toolkit_for_woocommerce
    • EPSS Score: %0.34
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10921

    The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.

    Affected Products : photo_gallery
    • EPSS Score: %0.55
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10920

    The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.

    Affected Products : gnucommerce
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10919

    The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.

    Affected Products : wassup_real_time_analytics
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10918

    The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.

    Affected Products : photo_gallery
    • EPSS Score: %0.11
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10917

    The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.

    Affected Products : search_everything search_everything
    • EPSS Score: %0.69
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10916

    The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.

    Affected Products : appointment_booking_calendar
    • EPSS Score: %0.51
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10915

    The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.

    Affected Products : popup
    • EPSS Score: %0.11
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10914

    The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.

    Affected Products : add_from_server
    • EPSS Score: %0.11
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10913

    The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.

    Affected Products : wp_latest_posts
    • EPSS Score: %0.19
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10912

    The universal-analytics plugin before 1.3.1 for WordPress has XSS.

    Affected Products : universal_analytics
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10911

    The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.

    Affected Products : profile_builder
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10910

    The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.

    Affected Products : formbuilder
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results