Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-53314 | Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0. | 9.6 | 0.09% | 2025-06-27 | 2026-06-17 |
| CVE-2026-39640 | Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39620 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39619 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39617 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2025-58997 | Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects Mow: from n/a through <= 4.10. | 9.6 | 0.15% | 2025-09-09 | 2026-06-17 |
| CVE-2025-60156 | Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34. | 9.6 | 0.15% | 2025-09-26 | 2026-06-17 |
| CVE-2025-58255 | Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5. | 9.6 | 0.15% | 2025-09-22 | 2026-06-17 |
| CVE-2025-54010 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery.This issue affects FluentSnippets: from n/a through <= 10.50. | 9.6 | 0.16% | 2025-07-16 | 2026-06-17 |
| CVE-2025-49381 | Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery.This issue affects ads.txt Guru Connect: from n/a through <= 1.1.1. | 9.6 | 0.16% | 2025-08-20 | 2026-06-17 |
| CVE-2025-52835 | Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through <= 1.2.0. | 9.6 | 0.17% | 2025-12-30 | 2026-06-17 |
| CVE-2025-30967 | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. | 9.6 | 0.20% | 2025-04-15 | 2026-06-17 |
| CVE-2025-48340 | Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows Privilege Escalation.This issue affects User Profile Meta Manager: from n/a through <= 1.02. | 9.8 | 0.21% | 2025-05-19 | 2026-06-17 |
| CVE-2025-25106 | Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross Site Request Forgery.This issue affects Starter Templates by FancyWP: from n/a through <= 2.0.0. | 9.6 | 0.22% | 2025-02-07 | 2026-06-17 |
| CVE-2025-32576 | Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through <= 2.6.1. | 9.6 | 0.22% | 2025-04-09 | 2026-06-17 |
| CVE-2025-32496 | Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server.This issue affects Ultra Demo Importer: from n/a through <= 1.0.5. | 9.6 | 0.22% | 2025-04-09 | 2026-06-17 |
| CVE-2025-30615 | Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Code Injection.This issue affects WP e-Commerce Style Email: from n/a through <= 0.6.2. | 9.6 | 0.22% | 2025-03-24 | 2026-06-17 |
| CVE-2024-49674 | Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through <= 2.2.1. | 9.6 | 0.22% | 2024-10-31 | 2026-06-17 |
| CVE-2025-25107 | Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery.This issue affects OneStore Sites: from n/a through <= 0.1.1. | 9.6 | 0.22% | 2025-02-07 | 2026-06-17 |
| CVE-2026-24956 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This issue affects Download Manager Addons for Elementor: from n/a through <= 1.3.0. | 9.3 | 0.23% | 2026-02-20 | 2026-06-17 |