Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-42699 | Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | 9.1 | 1.32% | 2022-12-06 | 2026-06-17 |
| CVE-2025-60188 | Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1. | 7.5 | 1.31% | 2025-11-06 | 2026-06-17 |
| CVE-2025-48281 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through <= 3.21.1. | 9.3 | 1.31% | 2025-06-09 | 2026-06-17 |
| CVE-2024-32136 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3. | 7.6 | 1.31% | 2024-04-15 | 2026-06-17 |
| CVE-2026-42647 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7. | 9.3 | 1.30% | 2026-06-11 | 2026-06-17 |
| CVE-2024-50509 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0. | 8.6 | 1.30% | 2024-10-30 | 2026-06-17 |
| CVE-2023-25699 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. | 9.0 | 1.29% | 2024-04-03 | 2026-06-17 |
| CVE-2023-45657 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. | 8.5 | 1.28% | 2023-11-06 | 2026-06-17 |
| CVE-2025-62039 | Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6. | 7.5 | 1.27% | 2025-11-06 | 2026-06-17 |
| CVE-2023-46197 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19. | 5.3 | 1.27% | 2024-05-17 | 2026-06-17 |
| CVE-2022-34858 | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 | 1.27% | 2022-08-22 | 2026-06-17 |
| CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.3 | 1.26% | 2022-03-18 | 2026-06-17 |
| CVE-2024-37091 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. | 9.9 | 1.24% | 2024-06-24 | 2026-06-17 |
| CVE-2023-37988 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions. | 7.1 | 1.23% | 2023-08-10 | 2026-06-17 |
| CVE-2024-50476 | Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1. | 9.8 | 1.22% | 2024-10-29 | 2026-06-17 |
| CVE-2024-50475 | Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through <= 1.0. | 9.8 | 1.22% | 2024-10-29 | 2026-06-17 |
| CVE-2024-56249 | Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through <= 1.13.1. | 9.1 | 1.22% | 2025-01-02 | 2026-06-17 |
| CVE-2024-34555 | Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3. | 10.0 | 1.22% | 2024-05-14 | 2026-06-17 |
| CVE-2023-34000 | Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. | 7.5 | 1.21% | 2023-06-14 | 2026-06-17 |
| CVE-2025-47492 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Path Traversal.This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through <= 1.4.3. | 8.6 | 1.21% | 2025-05-23 | 2026-06-17 |