Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-23550 | Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. | 9.8 | 18.91% | 2026-01-14 | 2026-06-17 |
| CVE-2025-48148 | Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. | 10.0 | 14.92% | 2025-08-20 | 2026-06-17 |
| CVE-2025-47646 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. | 9.8 | 21.75% | 2025-05-23 | 2026-06-17 |
| CVE-2025-47539 | Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. | 9.8 | 29.64% | 2025-05-23 | 2026-06-17 |
| CVE-2025-32583 | Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. | 9.9 | 12.19% | 2025-04-17 | 2026-06-17 |
| CVE-2025-27007 | Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. | 9.8 | 50.19% | 2025-05-01 | 2026-06-17 |
| CVE-2025-24587 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through <= 1.2.23. | 7.6 | 31.06% | 2025-01-24 | 2026-06-17 |
| CVE-2024-56067 | Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | 7.5 | 10.03% | 2024-12-31 | 2026-06-17 |
| CVE-2024-56064 | Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | 10.0 | 14.49% | 2024-12-31 | 2026-06-17 |
| CVE-2024-51818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. | 9.3 | 15.49% | 2025-01-21 | 2026-06-17 |
| CVE-2024-50498 | Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0. | 10.0 | 53.64% | 2024-10-28 | 2026-06-17 |
| CVE-2024-44000 | Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. | 9.8 | 83.18% | 2024-10-20 | 2026-06-17 |
| CVE-2024-43989 | Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.This issue affects Justified Image Grid: from n/a through <= 4.6.1. | 7.5 | 10.49% | 2024-09-22 | 2026-06-17 |
| CVE-2024-43919 | Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. | 5.3 | 43.59% | 2024-11-01 | 2026-06-17 |
| CVE-2024-43917 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | 9.3 | 21.77% | 2024-08-29 | 2026-06-17 |
| CVE-2024-30491 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 8.5 | 32.05% | 2024-03-29 | 2026-06-17 |
| CVE-2024-28000 | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. | 9.8 | 67.92% | 2024-08-21 | 2026-06-17 |
| CVE-2024-27956 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. | 9.9 | 93.97% | 2024-03-21 | 2026-06-17 |
| CVE-2024-27954 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. | 9.3 | 72.95% | 2024-05-17 | 2026-06-17 |
| CVE-2024-25600 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. | 10.0 | 87.45% | 2024-06-04 | 2026-06-17 |