Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2015-9476

    The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.

    Affected Products : teardrop
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9475

    The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.

    Affected Products : pont
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9474

    The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

    Affected Products : simpolio
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9473

    The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.

    Affected Products : estrutura-basica
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9472

    The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.

    Affected Products : incoming_links
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9471

    The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.

    Affected Products : zoomsounds
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9470

    The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.

    Affected Products : history_collection
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2015-9469

    The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.

    Affected Products : content-grabber
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9468

    The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.

    Affected Products : broken_link_manager
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9467

    The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.

    Affected Products : broken_link_manager
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9466

    The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.

    Affected Products : wti_like_post
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9465

    The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.

    Affected Products : yet_another_stars_rating
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9464

    The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9463

    The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-9462

    The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.

    Affected Products : awesome_filterable_portfolio
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-9461

    The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.

    Affected Products : awesome_filterable_portfolio
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9460

    The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.

    Affected Products : pinpoint_booking_system
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9459

    The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.

    Affected Products : seo_searchterms_tagging_2
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-9458

    The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.

    Affected Products : seo_searchterms_tagging_2
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9456

    The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents p...

    Affected Products : child_theme_creator
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292802 Results