Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-36821 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11. | 7.1 | 0.41% | 2023-03-16 | 2024-11-21 |
| CVE-2021-36874 | Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 7.1 | 1.06% | 2021-09-27 | 2024-11-21 |
| CVE-2021-36879 | Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | 9.8 | 2.11% | 2021-09-27 | 2024-11-21 |
| CVE-2021-36880 | Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. | 8.6 | 2.07% | 2021-09-27 | 2024-11-21 |
| CVE-2021-36888 | Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. | 9.8 | 6.74% | 2021-12-15 | 2024-11-21 |
| CVE-2021-36898 | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 7.5 | 0.82% | 2022-10-28 | 2026-04-28 |
| CVE-2021-36908 | Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions. | 8.8 | 0.69% | 2021-11-18 | 2024-11-21 |
| CVE-2021-36909 | Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. | 8.8 | 1.83% | 2021-11-18 | 2024-11-21 |
| CVE-2021-36913 | Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe. | 7.5 | 0.52% | 2022-10-11 | 2024-11-21 |
| CVE-2021-36916 | The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. | 8.6 | 1.80% | 2021-11-24 | 2024-11-21 |
| CVE-2021-44779 | Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. | 7.3 | 1.06% | 2022-02-04 | 2024-11-21 |
| CVE-2022-23976 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | 8.1 | 0.47% | 2022-04-18 | 2024-11-21 |
| CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.3 | 1.26% | 2022-03-18 | 2024-11-21 |
| CVE-2022-27858 | CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | 7.4 | 0.80% | 2022-11-08 | 2024-11-21 |
| CVE-2022-27862 | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | 9.8 | 1.64% | 2022-04-19 | 2024-11-21 |
| CVE-2022-28700 | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 9.1 | 1.42% | 2022-07-21 | 2025-02-20 |
| CVE-2022-29410 | Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | 7.4 | 0.84% | 2022-04-28 | 2024-11-21 |
| CVE-2022-29411 | SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | 8.3 | 1.02% | 2022-04-28 | 2024-11-21 |
| CVE-2022-29429 | Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. | 8.8 | 0.89% | 2022-05-17 | 2024-11-21 |
| CVE-2022-29451 | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | 8.8 | 0.56% | 2022-04-29 | 2024-11-21 |