Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-41840 | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | 7.5 | 5.12% | 2022-11-18 | 2026-06-17 |
| CVE-2024-54385 | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.83. | 7.2 | 5.11% | 2024-12-16 | 2026-06-17 |
| CVE-2025-49388 | Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. | 9.8 | 5.07% | 2025-08-28 | 2026-06-17 |
| CVE-2022-47615 | Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.3 | 5.06% | 2023-01-26 | 2026-06-17 |
| CVE-2025-47577 | Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. | 10.0 | 4.91% | 2025-05-19 | 2026-06-17 |
| CVE-2025-47445 | Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26. | 7.5 | 4.65% | 2025-05-14 | 2026-06-17 |
| CVE-2024-43160 | Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6. | 10.0 | 4.62% | 2024-08-13 | 2026-06-17 |
| CVE-2022-27849 | Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | 5.3 | 4.41% | 2022-04-15 | 2026-06-17 |
| CVE-2022-45808 | SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.9 | 4.27% | 2023-01-26 | 2026-06-17 |
| CVE-2023-48777 | Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | 9.9 | 4.10% | 2024-03-26 | 2026-06-17 |
| CVE-2023-30868 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions. | 7.1 | 4.00% | 2023-05-18 | 2026-06-17 |
| CVE-2024-33559 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. | 9.3 | 3.55% | 2024-04-29 | 2026-06-17 |
| CVE-2022-33965 | Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | 9.3 | 3.35% | 2022-07-25 | 2026-06-17 |
| CVE-2023-30869 | Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | 9.8 | 3.10% | 2023-05-02 | 2026-06-17 |
| CVE-2024-52433 | Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through <= 1.2. | 9.8 | 3.07% | 2024-11-18 | 2026-06-17 |
| CVE-2023-37999 | Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0. | 9.8 | 3.04% | 2024-05-17 | 2026-06-17 |
| CVE-2022-41978 | Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | 8.8 | 2.97% | 2022-11-09 | 2026-06-17 |
| CVE-2025-22785 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6. | 9.3 | 2.85% | 2025-01-15 | 2026-06-17 |
| CVE-2023-26540 | Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | 9.8 | 2.73% | 2024-05-17 | 2026-06-17 |
| CVE-2023-26009 | Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. | 9.8 | 2.73% | 2024-05-17 | 2026-06-17 |