Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-29005 | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28984 | Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28981 | Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS.This issue affects WP Mail Options: from n/a through <= 0.2.3. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28974 | Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28966 | Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28964 | Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28958 | Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar bg-orthodox-calendar allows Stored XSS.This issue affects Bg Orthodox Calendar: from n/a through <= 0.13.10. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28952 | Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints cubepoints allows Cross Site Request Forgery.This issue affects CubePoints: from n/a through <= 3.2.1. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28950 | Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author post-author allows Stored XSS.This issue affects Post Author: from n/a through <= 1.1.1. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-27360 | Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through <= 1.4.9. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-27359 | Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n/a through <= 2.3.1. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-24772 | Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 pay-with-contact-form-7 allows Cross Site Request Forgery.This issue affects Pay with Contact Form 7: from n/a through <= 1.0.4. | 5.4 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-22634 | Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through <= 2.4.5. | 5.4 | 0.05% | 2025-03-27 | 2026-06-17 |
| CVE-2025-58831 | Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. | 4.3 | 0.05% | 2025-09-05 | 2026-06-17 |
| CVE-2025-26768 | Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15. | 7.1 | 0.05% | 2025-02-16 | 2026-06-17 |
| CVE-2025-26759 | Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5. | 7.1 | 0.05% | 2025-02-16 | 2026-06-17 |
| CVE-2025-62908 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.05% | 2025-10-26 | 2025-11-21 |
| CVE-2025-52709 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.05% | 2025-06-27 | 2025-09-04 |
| CVE-2025-25168 | Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS).This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7. | 7.1 | 0.05% | 2025-02-07 | 2026-06-17 |
| CVE-2025-25166 | Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8. | 7.1 | 0.05% | 2025-02-07 | 2026-06-17 |