Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-9333

    The cforms2 plugin before 14.6.10 for WordPress has SQL injection.... Read more

    Affected Products : cformsii
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9332

    The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.... Read more

    Affected Products : wordpress_uninstall
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9331

    The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.... Read more

    Affected Products : wp_all_import
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9330

    The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.... Read more

    Affected Products : wp_all_import
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9329

    The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.... Read more

    Affected Products : wp_all_import
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9328

    The profile-builder plugin before 2.2.5 for WordPress has XSS.... Read more

    Affected Products : profile_builder
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9327

    The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.... Read more

    Affected Products : flickr_justified_gallery
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9326

    The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.... Read more

    Affected Products : wp_business_intelligence
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9325

    The visitors-online plugin before 0.4 for WordPress has SQL injection.... Read more

    Affected Products : visitors_online
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9323

    The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.... Read more

    Affected Products : 404_to_301
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9322

    The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.... Read more

    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9321

    The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.... Read more

    Affected Products : shortcode_factory
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9320

    The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.... Read more

    Affected Products : optiontree
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9319

    The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.... Read more

    Affected Products : greg\'s_high_performance_seo
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9318

    The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.... Read more

    Affected Products : awesome_support
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9317

    The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.... Read more

    Affected Products : awesome_support
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9316

    The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.... Read more

    Affected Products : wp_fastest_cache
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9315

    The newstatpress plugin before 1.0.1 for WordPress has SQL injection.... Read more

    Affected Products : newstatpress
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9314

    The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.... Read more

    Affected Products : newstatpress
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9313

    The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.... Read more

    Affected Products : newstatpress
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results