Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2016-10996

    The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

    Affected Products : optinmonster
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10995

    The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php.

    Affected Products : telvolution
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10994

    The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.

    Affected Products : truemag_theme
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-10993

    The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.

    Affected Products : scoreme
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10992

    The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.

    Affected Products : music_store
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2016-10991

    The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.

    Affected Products : imdb-widget
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10990

    The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.

    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10989

    The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.

    Affected Products : leenk.me
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10988

    The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.

    Affected Products : leenk.me
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10987

    The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.

    Affected Products : persian_woocommerce_sms
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10986

    The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.

    Affected Products : tweet_wheel
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10985

    The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.

    Affected Products : echo_sign
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10984

    The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.

    Affected Products : echo_sign
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-10983

    The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.

    Affected Products : ghost
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10982

    The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

    Affected Products : kento-post-view-counter
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10981

    The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.

    Affected Products : kento-post-view-counter
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10980

    The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.

    Affected Products : kento-post-view-counter
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2016-10979

    The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.

    Affected Products : tag_miner
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2016-10978

    The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.

    Affected Products : tag_miner
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2016-10977

    The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.

    Affected Products : nelio_ab_testing
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results