Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-10981

    The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.... Read more

    Affected Products : kento-post-view-counter
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10980

    The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.... Read more

    Affected Products : kento-post-view-counter
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10979

    The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.... Read more

    Affected Products : tag_miner
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10978

    The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.... Read more

    Affected Products : tag_miner
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-10977

    The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.... Read more

    Affected Products : nelio_ab_testing
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10976

    The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.... Read more

    Affected Products : safe_editor
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10975

    The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter.... Read more

    Affected Products : fluid-responsive-slideshow
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10974

    The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.... Read more

    Affected Products : fluid-responsive-slideshow
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10973

    The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.... Read more

    Affected Products : brafton
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10972

    The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.... Read more

    Affected Products : newspaper
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10971

    The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.... Read more

    Affected Products : membersonic
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10970

    The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.... Read more

    Affected Products : supportflow
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10969

    The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.... Read more

    Affected Products : supportflow
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10968

    The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.... Read more

    Affected Products : peepso
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10967

    The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.... Read more

    Affected Products : real3d_flipbook
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10966

    The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.... Read more

    Affected Products : real3d_flipbook
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10965

    The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.... Read more

    Affected Products : real3d_flipbook
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10964

    The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.... Read more

    Affected Products : dwnldr
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10963

    The icegram plugin before 1.9.19 for WordPress has XSS.... Read more

    Affected Products : icegram_engage icegram_express
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-10962

    The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.... Read more

    Affected Products : icegram_engage icegram_express
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results