Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-30911 | Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4. | 9.9 | 1.76% | 2025-04-01 | 2026-06-17 |
| CVE-2024-32523 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6. | 8.1 | 1.75% | 2024-05-17 | 2026-06-17 |
| CVE-2023-29439 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions. | 7.1 | 1.75% | 2023-05-16 | 2026-06-17 |
| CVE-2024-32128 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. | 9.3 | 1.72% | 2024-04-15 | 2026-06-17 |
| CVE-2024-47308 | Missing Authorization vulnerability in WPDeveloper Templately templately.This issue affects Templately: from n/a through <= 3.1.2. | 6.5 | 1.70% | 2024-11-01 | 2026-06-17 |
| CVE-2026-34885 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34. | 8.5 | 1.67% | 2026-04-06 | 2026-06-17 |
| CVE-2024-55982 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2. | 9.3 | 1.67% | 2024-12-16 | 2026-06-17 |
| CVE-2024-56059 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through <= 0.2.0. | 9.8 | 1.66% | 2024-12-18 | 2026-06-17 |
| CVE-2024-56058 | Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects VRPConnector: from n/a through <= 2.0.1. | 9.8 | 1.66% | 2024-12-18 | 2026-06-17 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 1.66% | 2026-06-05 | 2026-06-17 |
| CVE-2023-32590 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.This issue affects Subscribe to Category: from n/a through 2.7.4. | 9.3 | 1.65% | 2023-12-20 | 2026-06-17 |
| CVE-2022-27862 | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | 9.8 | 1.64% | 2022-04-19 | 2026-06-17 |
| CVE-2024-31351 | Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | 10.0 | 1.62% | 2024-05-17 | 2026-06-17 |
| CVE-2024-27972 | Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through <= 3.41.24. | 9.9 | 1.61% | 2024-04-03 | 2026-06-17 |
| CVE-2023-23897 | Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions. | 4.3 | 1.61% | 2023-07-10 | 2026-06-17 |
| CVE-2025-69411 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3. | 7.5 | 1.61% | 2026-03-05 | 2026-06-17 |
| CVE-2024-54369 | Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through <= 1.0.2. | 9.1 | 1.56% | 2024-12-16 | 2026-06-17 |
| CVE-2024-52380 | Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through <= 1.0.0. | 10.0 | 1.54% | 2024-11-14 | 2026-06-17 |
| CVE-2024-30464 | Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15. | 5.4 | 1.52% | 2024-06-09 | 2026-06-17 |
| CVE-2024-43918 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4. | 10.0 | 1.49% | 2024-08-29 | 2026-06-17 |