Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-45729 | The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. | 5.4 | 0.68% | 2022-01-25 | 2026-06-17 |
| CVE-2022-23975 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | 6.5 | 0.47% | 2022-04-18 | 2026-06-17 |
| CVE-2022-23976 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | 8.1 | 0.47% | 2022-04-18 | 2026-06-17 |
| CVE-2022-23979 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). | 4.8 | 0.56% | 2022-01-28 | 2026-06-17 |
| CVE-2022-23980 | Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. | 4.7 | 0.79% | 2022-02-04 | 2026-06-17 |
| CVE-2022-23981 | The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | 4.3 | 0.61% | 2022-02-18 | 2026-06-17 |
| CVE-2022-23982 | The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | 4.3 | 1.16% | 2022-02-18 | 2026-06-17 |
| CVE-2022-23983 | Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). | 4.3 | 0.40% | 2022-02-21 | 2026-06-17 |
| CVE-2022-23984 | Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). | 3.7 | 1.07% | 2022-02-21 | 2026-06-17 |
| CVE-2022-25599 | Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | 5.4 | 0.39% | 2022-02-21 | 2026-06-17 |
| CVE-2022-25600 | Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | 5.4 | 0.55% | 2022-03-11 | 2026-06-17 |
| CVE-2022-25601 | Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | 4.7 | 0.98% | 2022-03-11 | 2026-06-17 |
| CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.3 | 1.26% | 2022-03-18 | 2026-06-17 |
| CVE-2022-25603 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | 4.8 | 0.54% | 2022-03-18 | 2026-06-17 |
| CVE-2022-25604 | Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | 4.1 | 0.55% | 2022-03-18 | 2026-06-17 |
| CVE-2022-25605 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | 4.8 | 0.54% | 2022-03-18 | 2026-06-17 |
| CVE-2022-25606 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | 4.8 | 0.54% | 2022-03-25 | 2026-06-17 |
| CVE-2022-25607 | Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). | 6.6 | 0.80% | 2022-03-18 | 2026-06-17 |
| CVE-2022-25608 | Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | 5.4 | 0.29% | 2022-03-23 | 2026-06-17 |
| CVE-2022-25609 | Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. | 5.4 | 0.51% | 2022-03-23 | 2026-06-17 |