Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-9345

    The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.... Read more

    Affected Products : link_log
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9344

    The link-log plugin before 2.1 for WordPress has SQL injection.... Read more

    Affected Products : link_log
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2015-9343

    The wp-rollback plugin before 1.2.3 for WordPress has CSRF.... Read more

    Affected Products : wp_rollback
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9342

    The wp-rollback plugin before 1.2.3 for WordPress has XSS.... Read more

    Affected Products : wp_rollback
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9341

    The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.... Read more

    Affected Products : wordpress_file_upload
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9340

    The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.... Read more

    Affected Products : wordpress_file_upload
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9339

    The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.... Read more

    Affected Products : wordpress_file_upload
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9338

    The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.... Read more

    Affected Products : wordpress_file_upload
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9337

    The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.... Read more

    Affected Products : profile_builder
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9336

    The clean-login plugin before 1.5.1 for WordPress has reflected XSS.... Read more

    Affected Products : clean_login
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9335

    The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.... Read more

    Affected Products : limit_attempts
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9334

    The email-newsletter plugin through 20.15 for WordPress has SQL injection.... Read more

    Affected Products : email-newsletter
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9333

    The cforms2 plugin before 14.6.10 for WordPress has SQL injection.... Read more

    Affected Products : cformsii
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2015-9332

    The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.... Read more

    Affected Products : wordpress_uninstall
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2015-9331

    The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.... Read more

    Affected Products : wp_all_import
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9330

    The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.... Read more

    Affected Products : wp_all_import
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9329

    The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.... Read more

    Affected Products : wp_all_import
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9328

    The profile-builder plugin before 2.2.5 for WordPress has XSS.... Read more

    Affected Products : profile_builder
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2015-9327

    The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.... Read more

    Affected Products : flickr_justified_gallery
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9326

    The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.... Read more

    Affected Products : wp_business_intelligence
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results