Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2015-9412

    The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.... Read more

    Affected Products : royal-slider
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9411

    The Postmatic plugin before 1.4.6 for WordPress has XSS.... Read more

    Affected Products : replyable
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9410

    The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.... Read more

    Affected Products : powerpress
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9409

    The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.... Read more

    Affected Products : alo-easymail
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9408

    The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.... Read more

    Affected Products : xpinner_lite
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9407

    The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.... Read more

    Affected Products : xpinner_lite
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9406

    Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.... Read more

    Affected Products : mtheme-unus
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9405

    The wp-piwik plugin before 1.0.5 for WordPress has XSS.... Read more

    Affected Products : wp-piwik
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9404

    The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.... Read more

    Affected Products : neuvoo-jobroll
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9403

    The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.... Read more

    Affected Products : neuvoo-jobroll
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9402

    The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.... Read more

    Affected Products : users_ultra_membership
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2015-9401

    The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.... Read more

    Affected Products : websimon-tables
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9400

    The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.... Read more

    Affected Products : wordpress_meta_robots
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2015-9399

    The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.... Read more

    Affected Products : wp-stats-dashboard
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9398

    The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.... Read more

    Affected Products : gocodes
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9397

    The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.... Read more

    Affected Products : gocodes
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9396

    The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.... Read more

    Affected Products : auto_thickbox_plus
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9395

    The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.... Read more

    Affected Products : users_ultra_membership
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9394

    The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.... Read more

    Affected Products : users_ultra_membership
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-9393

    The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.... Read more

    Affected Products : users_ultra_membership
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292802 Results