Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-23942 | Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6. | 9.1 | 2.62% | 2025-01-22 | 2026-06-17 |
| CVE-2022-34487 | Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | 9.8 | 2.60% | 2022-07-21 | 2026-06-17 |
| CVE-2022-33198 | Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | 9.8 | 2.60% | 2022-07-21 | 2026-06-17 |
| CVE-2024-5057 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. | 9.3 | 2.59% | 2024-08-29 | 2026-06-17 |
| CVE-2024-32700 | Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. | 10.0 | 2.58% | 2024-05-14 | 2026-06-17 |
| CVE-2025-30567 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2. | 7.5 | 2.58% | 2025-03-25 | 2026-06-17 |
| CVE-2023-24000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | 8.2 | 2.57% | 2023-10-31 | 2026-06-17 |
| CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1. | 9.8 | 2.38% | 2024-10-28 | 2026-06-17 |
| CVE-2022-45805 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3. | 8.2 | 2.33% | 2023-11-03 | 2026-06-17 |
| CVE-2023-47873 | Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9. | 9.1 | 2.28% | 2024-03-26 | 2026-06-17 |
| CVE-2022-44588 | Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. | 9.9 | 2.27% | 2022-12-15 | 2026-06-17 |
| CVE-2024-30502 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. | 9.3 | 2.27% | 2024-03-29 | 2026-06-17 |
| CVE-2024-30498 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | 9.3 | 2.27% | 2024-03-29 | 2026-06-17 |
| CVE-2024-30490 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 9.3 | 2.27% | 2024-03-29 | 2026-06-17 |
| CVE-2024-54382 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through <= 5.1.5. | 4.9 | 2.16% | 2024-12-16 | 2026-06-17 |
| CVE-2022-33901 | Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. | 5.3 | 2.14% | 2022-07-22 | 2026-06-17 |
| CVE-2025-49029 | Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through <= 1.0. | 9.1 | 2.12% | 2025-07-01 | 2026-06-17 |
| CVE-2024-24882 | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | 9.8 | 2.11% | 2024-05-17 | 2026-06-17 |
| CVE-2021-36879 | Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | 9.8 | 2.11% | 2021-09-27 | 2026-06-16 |
| CVE-2021-36880 | Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. | 8.6 | 2.07% | 2021-09-27 | 2026-06-16 |