Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2015-9487

    The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrat...

    Affected Products : almera_responsive_portfolio
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9486

    The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/...

    Affected Products : axioma_premium_responsive
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9485

    The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-cont...

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9484

    The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db...

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9483

    The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-cont...

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9482

    The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_d...

    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9481

    The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_us...

    Affected Products : diplomat_\|_political
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9480

    The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter....

    Affected Products : robotcpa
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9479

    The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php....

    Affected Products : acf_fronted_display
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9478

    prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS....

    Affected Products : prettyphoto
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9477

    The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates....

    Affected Products : vernissage
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9476

    The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates....

    Affected Products : teardrop
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9475

    The Pont theme 1.5 for WordPress has insufficient restrictions on option updates....

    Affected Products : pont
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-9474

    The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates....

    Affected Products : simpolio
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9473

    The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter....

    Affected Products : estrutura-basica
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9472

    The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header....

    Affected Products : incoming_links
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-9471

    The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload....

    Affected Products : zoomsounds
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9470

    The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter....

    Affected Products : history_collection
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2015-9469

    The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id....

    Affected Products : content-grabber
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9468

    The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action....

    Affected Products : broken_link_manager
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024