Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2015-9501

    The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.... Read more

    Affected Products : artificial_intelligence
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9500

    The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.... Read more

    Affected Products : exquisite_ultimate_newspaper
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9499

    The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.... Read more

    Affected Products : showbiz_pro
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9498

    The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.... Read more

    Affected Products : wps_hide_login
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9497

    The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.... Read more

    Affected Products : ad_inserter
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9496

    The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.... Read more

    Affected Products : freshmail-newsletter
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9495

    The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.... Read more

    Affected Products : syndication_links
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9494

    The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.... Read more

    Affected Products : indieweb_post_kinds
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9493

    The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.... Read more

    Affected Products : my_wish_list
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9492

    The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate... Read more

    Affected Products : smartit_premium_responsive
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9491

    The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrat... Read more

    Affected Products : blessing_premium_responsive
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9490

    The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_user... Read more

    Affected Products : gamestheme_premium
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9489

    The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate... Read more

    Affected Products : goodnex_premium_responsive
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9488

    The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/upl... Read more

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9487

    The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrat... Read more

    Affected Products : almera_responsive_portfolio
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9486

    The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/... Read more

    Affected Products : axioma_premium_responsive
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9485

    The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-cont... Read more

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9484

    The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db... Read more

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9483

    The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-cont... Read more

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9482

    The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_d... Read more

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292787 Results