Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2015-9456

    The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents p... Read more

    Affected Products : child_theme_creator
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2015-9455

    The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.... Read more

    Affected Products : buddypress-activity-plus
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9454

    The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.... Read more

    Affected Products : smooth_slider
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9453

    The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.... Read more

    Affected Products : broken_link_manager
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9451

    The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.... Read more

    Affected Products : plugmatter_optin_feature_box
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9450

    The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.... Read more

    Affected Products : plugmatter_optin_feature_box
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-9449

    The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.... Read more

    Affected Products : microblog_poster
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9448

    The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.... Read more

    Affected Products : sendpress
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9447

    The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.... Read more

    Affected Products : unite_gallery_lite
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9446

    The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.... Read more

    Affected Products : unite_gallery_lite
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9445

    The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.... Read more

    Affected Products : unite_gallery_lite
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9444

    The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.... Read more

    Affected Products : altos-connect
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9443

    The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.... Read more

    Affected Products : wp_accurate_form_data
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9442

    The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.... Read more

    Affected Products : directdownload
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9441

    The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.... Read more

    Affected Products : bookmarkify
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9440

    The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.... Read more

    Affected Products : monetize
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2015-9439

    The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.... Read more

    Affected Products : addthis
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9438

    The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.... Read more

    Affected Products : display-widgets
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9435

    The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.... Read more

    Affected Products : oauth_server
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9434

    The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.... Read more

    Affected Products : kiwi-logo-carousel
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results