Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2015-9350

    The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.

    Affected Products : feed_them_social
    • EPSS Score: 0.19%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9349

    The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.

    Affected Products : ckeditor
    • EPSS Score: 0.19%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9348

    The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.

    Affected Products : sell_downloads
    • EPSS Score: 0.55%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9347

    The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.

    Affected Products : plotly
    • EPSS Score: 0.19%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9346

    The cp-polls plugin before 1.0.5 for WordPress has XSS.

    Affected Products : polls_cp
    • EPSS Score: 0.19%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9345

    The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.

    Affected Products : link_log
    • EPSS Score: 0.25%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9344

    The link-log plugin before 2.1 for WordPress has SQL injection.

    Affected Products : link_log
    • EPSS Score: 0.51%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9343

    The wp-rollback plugin before 1.2.3 for WordPress has CSRF.

    Affected Products : wp_rollback
    • EPSS Score: 0.15%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9342

    The wp-rollback plugin before 1.2.3 for WordPress has XSS.

    Affected Products : wp_rollback
    • EPSS Score: 0.19%
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9341

    The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

    Affected Products : wordpress_file_upload
    • EPSS Score: 0.28%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9340

    The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

    Affected Products : wordpress_file_upload
    • EPSS Score: 0.25%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9339

    The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

    Affected Products : wordpress_file_upload
    • EPSS Score: 0.25%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9338

    The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

    Affected Products : wordpress_file_upload
    • EPSS Score: 0.28%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9337

    The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.

    Affected Products : profile_builder
    • EPSS Score: 0.21%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9336

    The clean-login plugin before 1.5.1 for WordPress has reflected XSS.

    Affected Products : clean_login
    • EPSS Score: 0.19%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9335

    The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.

    Affected Products : limit_attempts
    • EPSS Score: 0.55%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9334

    The email-newsletter plugin through 20.15 for WordPress has SQL injection.

    Affected Products : email-newsletter
    • EPSS Score: 0.61%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9333

    The cforms2 plugin before 14.6.10 for WordPress has SQL injection.

    Affected Products : cformsii
    • EPSS Score: 0.60%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9332

    The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.

    Affected Products : wordpress_uninstall
    • EPSS Score: 0.10%
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9331

    The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.

    Affected Products : wp_all_import
    • EPSS Score: 0.55%
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024