Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2015-9423

    The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.

    Affected Products : plugnedit
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9422

    The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcon...

    Affected Products : plugnedit
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9421

    The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.

    Affected Products : olevmedia_shortcodes
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9420

    The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.

    Affected Products : soundcloud_is_gold
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9419

    The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.

    Affected Products : captain-slider
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2015-9418

    The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.

    Affected Products : watupro
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9417

    The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.

    Affected Products : testimonial_slider
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9416

    The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.

    Affected Products : wpml sitepress-multilingual-cms
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9415

    The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.

    Affected Products : bj_lazy_load
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9414

    The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.

    Affected Products : wp-symposium
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9413

    The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.

    Affected Products : eshop
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9412

    The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.

    Affected Products : royal-slider
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9411

    The Postmatic plugin before 1.4.6 for WordPress has XSS.

    Affected Products : replyable
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-9410

    The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.

    Affected Products : powerpress
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9409

    The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.

    Affected Products : alo-easymail
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-9408

    The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.

    Affected Products : xpinner_lite
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9407

    The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

    Affected Products : xpinner_lite
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-9406

    Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.

    Affected Products : mtheme-unus
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9405

    The wp-piwik plugin before 1.0.5 for WordPress has XSS.

    Affected Products : wp-piwik
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-9404

    The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

    Affected Products : neuvoo-jobroll
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292813 Results