Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-48157 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1.5.9. | 8.1 | 2.04% | 2025-08-20 | 2026-06-17 |
| CVE-2023-50839 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1. | 9.3 | 2.04% | 2023-12-28 | 2026-06-17 |
| CVE-2023-40211 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | 7.5 | 2.04% | 2023-11-30 | 2026-06-17 |
| CVE-2023-40600 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0. | 5.3 | 2.04% | 2023-11-30 | 2026-06-17 |
| CVE-2024-32825 | Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through <= 3.1.3. | 7.5 | 2.02% | 2024-04-24 | 2026-06-17 |
| CVE-2024-43144 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. | 9.3 | 2.00% | 2024-08-29 | 2026-06-17 |
| CVE-2024-38773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17. | 9.3 | 1.99% | 2024-07-22 | 2026-06-17 |
| CVE-2023-28787 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4. | 9.3 | 1.98% | 2024-03-26 | 2026-06-17 |
| CVE-2025-25163 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3. | 7.5 | 1.97% | 2025-02-07 | 2026-06-17 |
| CVE-2021-36917 | WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. | 6.5 | 1.94% | 2021-11-24 | 2026-06-16 |
| CVE-2024-50417 | Missing Authorization vulnerability in boldthemes Bold Page Builder bold-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through <= 5.1.3. | 4.3 | 1.92% | 2024-11-19 | 2026-06-17 |
| CVE-2024-43965 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4. | 8.2 | 1.88% | 2024-08-29 | 2026-06-17 |
| CVE-2024-56278 | Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1. | 9.1 | 1.85% | 2025-01-07 | 2026-06-17 |
| CVE-2025-32614 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through <= 2.4. | 8.8 | 1.83% | 2025-04-11 | 2026-06-17 |
| CVE-2021-36909 | Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. | 8.8 | 1.83% | 2021-11-18 | 2026-06-16 |
| CVE-2024-54363 | Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0. | 9.8 | 1.82% | 2024-12-16 | 2026-06-17 |
| CVE-2021-36916 | The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. | 8.6 | 1.80% | 2021-11-24 | 2026-06-16 |
| CVE-2024-51793 | Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115. | 10.0 | 1.79% | 2024-11-11 | 2026-06-17 |
| CVE-2024-52475 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass.This issue affects Wawp: from n/a through < 3.0.18. | 9.8 | 1.79% | 2024-11-28 | 2026-06-17 |
| CVE-2025-30911 | Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4. | 9.9 | 1.76% | 2025-04-01 | 2026-06-17 |