Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-9691 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-6372 | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5. | 7.5 | 0.20% | 2026-04-15 | 2026-04-22 |
| CVE-2026-54198 | Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54197 | Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. | 6.5 | 0.21% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54191 | Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54190 | Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | 6.5 | 0.20% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52715 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | 9.3 | 0.25% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52712 | Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. | 7.6 | 0.24% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52711 | Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | 7.5 | 0.23% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52704 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8. | 10.0 | 0.31% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52703 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | 9.6 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52702 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | 7.1 | 0.15% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52700 | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52699 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52697 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52695 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | 7.5 | 0.25% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52694 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52693 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52692 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49781 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |