Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-10963

    The icegram plugin before 1.9.19 for WordPress has XSS.... Read more

    Affected Products : icegram_engage icegram_express
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-10962

    The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.... Read more

    Affected Products : icegram_engage icegram_express
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10961

    The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.... Read more

    Affected Products : colorway
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10960

    The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.... Read more

    Affected Products : wsecure
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-10959

    The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.... Read more

    Affected Products : estatik
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10958

    The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.... Read more

    Affected Products : estatik
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10957

    The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.... Read more

    Affected Products : akal
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10956

    The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.... Read more

    Affected Products : mail-masta
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10955

    The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.... Read more

    Affected Products : cysteme-finder
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10954

    The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.... Read more

    Affected Products : neosense
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-10953

    The Headway theme before 3.8.9 for WordPress has XSS via the license key field.... Read more

    Affected Products : headway
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10952

    The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.... Read more

    Affected Products : quotes_collection
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2016-10951

    The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.... Read more

    Affected Products : fs-shopping-cart
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10950

    The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.... Read more

    Affected Products : sirv
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10949

    The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.... Read more

    Affected Products : relevanssi
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-10948

    The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.... Read more

    Affected Products : post_indexer
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2016-10947

    The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.... Read more

    Affected Products : post_indexer
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10946

    The wp-d3 plugin before 2.4.1 for WordPress has CSRF.... Read more

    Affected Products : wp-d3
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10945

    The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.... Read more

    Affected Products : pagelines
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10944

    The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.... Read more

    Affected Products : multisite_post_duplicator
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292907 Results