This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit resources and PoC availability to assess exploitability accurately. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-36898 | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 7.5 | 0.82% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36899 | Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. | 4.8 | 0.44% | 2022-10-11 | 2026-06-16 |
| CVE-2021-36901 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | 6.1 | 0.74% | 2022-06-15 | 2026-06-16 |
| CVE-2021-36905 | Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 5.4 | 0.43% | 2022-11-17 | 2026-06-16 |
| CVE-2021-36906 | Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 2.7 | 0.53% | 2022-11-03 | 2026-06-16 |
| CVE-2021-36908 | Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions. | 8.8 | 0.69% | 2021-11-18 | 2026-06-16 |
| CVE-2021-36909 | Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. | 8.8 | 1.83% | 2021-11-18 | 2026-06-16 |
| CVE-2021-36910 | Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | 3.4 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36911 | Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. | 4.8 | 0.55% | 2021-12-10 | 2026-06-16 |
| CVE-2021-36912 | Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. | 5.4 | 0.53% | 2022-05-06 | 2026-06-16 |
| CVE-2021-36913 | Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe. | 7.5 | 0.52% | 2022-10-11 | 2026-06-16 |
| CVE-2021-36914 | Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | 6.1 | 0.48% | 2022-04-12 | 2026-06-16 |
| CVE-2021-36915 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. | 4.2 | 0.24% | 2022-10-11 | 2026-06-16 |
| CVE-2021-36916 | The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. | 8.6 | 1.80% | 2021-11-24 | 2026-06-16 |
| CVE-2021-36917 | WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. | 6.5 | 1.94% | 2021-11-24 | 2026-06-16 |
| CVE-2021-36919 | Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | 6.1 | 0.55% | 2021-11-26 | 2026-06-16 |
| CVE-2021-36920 | Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | 4.8 | 0.57% | 2022-01-14 | 2026-06-16 |
| CVE-2021-44760 | Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. | 4.8 | 0.52% | 2022-03-18 | 2026-06-17 |
| CVE-2021-44777 | Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | 5.4 | 0.39% | 2022-01-19 | 2026-06-17 |
| CVE-2021-44779 | Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. | 7.3 | 1.06% | 2022-02-04 | 2026-06-17 |