Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-27971 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10. | 8.3 | 1.46% | 2024-05-17 | 2026-06-17 |
| CVE-2024-51788 | Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through <= 4.3.0. | 10.0 | 1.46% | 2024-11-11 | 2026-06-17 |
| CVE-2024-49668 | Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through <= 1.0. | 10.0 | 1.46% | 2024-10-23 | 2026-06-17 |
| CVE-2023-47504 | Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4. | 6.5 | 1.45% | 2024-04-24 | 2026-06-17 |
| CVE-2022-28700 | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 9.1 | 1.45% | 2022-07-21 | 2026-06-17 |
| CVE-2023-44982 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. | 5.3 | 1.44% | 2023-12-18 | 2026-06-17 |
| CVE-2024-54330 | Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through <= 2.4. | 7.2 | 1.43% | 2024-12-13 | 2026-06-17 |
| CVE-2024-43998 | Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. | 6.5 | 1.43% | 2024-11-01 | 2026-06-17 |
| CVE-2025-54726 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through < 6.1.6. | 9.3 | 1.43% | 2025-08-20 | 2026-06-17 |
| CVE-2022-27844 | Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | 2.7 | 1.42% | 2022-04-11 | 2026-06-17 |
| CVE-2024-47374 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2. | 7.1 | 1.41% | 2024-10-05 | 2026-06-17 |
| CVE-2023-47840 | Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | 9.9 | 1.41% | 2023-12-29 | 2026-06-17 |
| CVE-2024-54262 | Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2. | 9.9 | 1.40% | 2024-12-13 | 2026-06-17 |
| CVE-2023-41954 | Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1. | 8.6 | 1.40% | 2024-05-17 | 2026-06-17 |
| CVE-2024-25092 | Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0. | 8.8 | 1.38% | 2024-06-09 | 2026-06-17 |
| CVE-2023-38388 | Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | 9.0 | 1.37% | 2024-03-26 | 2026-06-17 |
| CVE-2021-31567 | Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS. | 6.8 | 1.37% | 2022-01-28 | 2026-06-16 |
| CVE-2024-31114 | Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | 9.1 | 1.35% | 2024-03-31 | 2026-06-17 |
| CVE-2024-52375 | Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5. | 10.0 | 1.35% | 2024-11-14 | 2026-06-17 |
| CVE-2024-50492 | Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart scottcart allows Code Injection.This issue affects ScottCart: from n/a through <= 1.1. | 8.3 | 1.35% | 2024-10-28 | 2026-06-17 |