Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-24618 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4. | 4.3 | N/A | 2026-06-12 | 2026-06-12 |
| CVE-2026-49060 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | 9.8 | 0.04% | 2026-06-11 | 2026-06-12 |
| CVE-2026-42653 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. | 7.1 | 0.03% | 2026-06-11 | 2026-06-12 |
| CVE-2026-42647 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7. | 9.3 | 5.18% | 2026-06-11 | 2026-06-12 |
| CVE-2026-39494 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2. | 9.3 | 0.03% | 2026-06-11 | 2026-06-12 |
| CVE-2023-32959 | Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2. | 4.3 | 0.06% | 2026-06-11 | 2026-06-11 |
| CVE-2023-25969 | Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4. | 5.4 | 0.03% | 2026-06-11 | 2026-06-11 |
| CVE-2022-47150 | Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10. | 4.3 | 0.01% | 2026-06-11 | 2026-06-11 |
| CVE-2022-45813 | Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3. | 5.4 | 0.31% | 2026-06-11 | 2026-06-11 |
| CVE-2022-44630 | Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0. | 4.6 | 0.03% | 2026-06-11 | 2026-06-11 |
| CVE-2022-42479 | Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5. | 5.4 | 0.06% | 2026-06-11 | 2026-06-11 |
| CVE-2024-32110 | Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2. | 4.3 | 0.03% | 2026-06-11 | 2026-06-11 |
| CVE-2023-40200 | Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6. | 5.3 | 0.03% | 2026-06-11 | 2026-06-11 |
| CVE-2023-33999 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2. | 7.1 | 0.21% | 2026-06-11 | 2026-06-11 |
| CVE-2026-49069 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21. | 7.1 | 0.03% | 2026-06-10 | 2026-06-10 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 6.55% | 2026-06-05 | 2026-06-08 |
| CVE-2026-49077 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2. | 5.3 | 0.03% | 2026-06-04 | 2026-06-04 |
| CVE-2026-49771 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41. | 7.6 | 0.03% | 2026-06-04 | 2026-06-04 |
| CVE-2025-15656 | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. | 8.8 | 0.04% | 2026-06-03 | 2026-06-04 |
| CVE-2025-15655 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0. | 7.6 | 0.03% | 2026-06-03 | 2026-06-04 |