Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-9445

    The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.... Read more

    Affected Products : unite_gallery_lite
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9444

    The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.... Read more

    Affected Products : altos-connect
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9443

    The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.... Read more

    Affected Products : wp_accurate_form_data
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9442

    The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.... Read more

    Affected Products : directdownload
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9441

    The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.... Read more

    Affected Products : bookmarkify
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9440

    The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.... Read more

    Affected Products : monetize
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2015-9439

    The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.... Read more

    Affected Products : addthis
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9438

    The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.... Read more

    Affected Products : display-widgets
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9435

    The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.... Read more

    Affected Products : oauth_server
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9434

    The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.... Read more

    Affected Products : kiwi-logo-carousel
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9433

    The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.... Read more

    Affected Products : wp_social_bookmarking_light
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9432

    The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.... Read more

    Affected Products : alpine-photo-tile-for-instagram
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9431

    The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.... Read more

    Affected Products : qtranslate_x
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9430

    The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.... Read more

    Affected Products : crazy_bone
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9429

    The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.... Read more

    Affected Products : yith_maintenance_mode
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9428

    The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.... Read more

    Affected Products : wp_legal_pages
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9427

    The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.... Read more

    Affected Products : googmonify
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2015-9426

    The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.... Read more

    Affected Products : manual_image_crop
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9425

    The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.... Read more

    Affected Products : social_locker
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9424

    The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.... Read more

    Affected Products : multicons
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292813 Results