CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 6180 of 16855 results
«« First « Prev Page 4 / 843 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2021-36898 Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 7.5 0.82% 2022-10-28 2026-06-16
CVE-2021-36899 Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. 4.8 0.44% 2022-10-11 2026-06-16
CVE-2021-36901 Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. 6.1 0.74% 2022-06-15 2026-06-16
CVE-2021-36905 Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 5.4 0.43% 2022-11-17 2026-06-16
CVE-2021-36906 Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. 2.7 0.53% 2022-11-03 2026-06-16
CVE-2021-36908 Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions. 8.8 0.69% 2021-11-18 2026-06-16
CVE-2021-36909 Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. 8.8 1.83% 2021-11-18 2026-06-16
CVE-2021-36910 Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. 3.4 0.56% 2022-04-11 2026-06-16
CVE-2021-36911 Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. 4.8 0.55% 2021-12-10 2026-06-16
CVE-2021-36912 Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. 5.4 0.53% 2022-05-06 2026-06-16
CVE-2021-36913 Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe. 7.5 0.52% 2022-10-11 2026-06-16
CVE-2021-36914 Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. 6.1 0.48% 2022-04-12 2026-06-16
CVE-2021-36915 Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. 4.2 0.24% 2022-10-11 2026-06-16
CVE-2021-36916 The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. 8.6 1.80% 2021-11-24 2026-06-16
CVE-2021-36917 WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. 6.5 1.94% 2021-11-24 2026-06-16
CVE-2021-36919 Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). 6.1 0.55% 2021-11-26 2026-06-16
CVE-2021-36920 Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). 4.8 0.57% 2022-01-14 2026-06-16
CVE-2021-44760 Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. 4.8 0.52% 2022-03-18 2026-06-17
CVE-2021-44777 Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). 5.4 0.39% 2022-01-19 2026-06-17
CVE-2021-44779 Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. 7.3 1.06% 2022-02-04 2026-06-17
«« First « Prev Page 4 / 843 Next »
cvelogic Threat Intelligence