CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 81100 of 16961 results
«« First « Prev Page 5 / 849 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2021-45729 The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. 5.4 0.68% 2022-01-25 2026-06-17
CVE-2022-23975 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. 6.5 0.47% 2022-04-18 2026-06-17
CVE-2022-23976 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). 8.1 0.47% 2022-04-18 2026-06-17
CVE-2022-23979 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). 4.8 0.56% 2022-01-28 2026-06-17
CVE-2022-23980 Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. 4.7 0.79% 2022-02-04 2026-06-17
CVE-2022-23981 The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). 4.3 0.61% 2022-02-18 2026-06-17
CVE-2022-23982 The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. 4.3 1.16% 2022-02-18 2026-06-17
CVE-2022-23983 Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). 4.3 0.40% 2022-02-21 2026-06-17
CVE-2022-23984 Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). 3.7 1.07% 2022-02-21 2026-06-17
CVE-2022-25599 Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). 5.4 0.39% 2022-02-21 2026-06-17
CVE-2022-25600 Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). 5.4 0.55% 2022-03-11 2026-06-17
CVE-2022-25601 Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 4.7 0.98% 2022-03-11 2026-06-17
CVE-2022-25602 Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). 8.3 1.26% 2022-03-18 2026-06-17
CVE-2022-25603 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). 4.8 0.54% 2022-03-18 2026-06-17
CVE-2022-25604 Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). 4.1 0.55% 2022-03-18 2026-06-17
CVE-2022-25605 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. 4.8 0.54% 2022-03-18 2026-06-17
CVE-2022-25606 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. 4.8 0.54% 2022-03-25 2026-06-17
CVE-2022-25607 Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). 6.6 0.80% 2022-03-18 2026-06-17
CVE-2022-25608 Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. 5.4 0.29% 2022-03-23 2026-06-17
CVE-2022-25609 Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. 5.4 0.51% 2022-03-23 2026-06-17
«« First « Prev Page 5 / 849 Next »
cvelogic Threat Intelligence