Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-39510 | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11. | 2.7 | 0.20% | 2026-04-08 | 2026-06-17 |
| CVE-2026-32445 | Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5. | 2.7 | 0.18% | 2026-03-13 | 2026-06-17 |
| CVE-2025-68585 | Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2. | 2.7 | 0.21% | 2025-12-24 | 2026-06-17 |
| CVE-2025-64352 | Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4. | 2.7 | 0.19% | 2025-10-31 | 2026-06-17 |
| CVE-2025-64255 | Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8. | 2.7 | 0.26% | 2025-12-09 | 2026-06-17 |
| CVE-2025-64254 | Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1. | 2.7 | 0.21% | 2025-12-09 | 2026-06-17 |
| CVE-2025-58866 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through <= 1.1. | 2.7 | 0.22% | 2025-09-05 | 2026-06-17 |
| CVE-2025-54004 | Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24. | 2.7 | 0.27% | 2025-12-16 | 2026-06-17 |
| CVE-2025-49300 | Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8. | 2.7 | 0.23% | 2025-12-16 | 2026-06-17 |
| CVE-2025-32205 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through <= 1.0.30. | 2.7 | 0.32% | 2025-04-10 | 2026-06-17 |
| CVE-2025-31003 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data.This issue affects Squeeze: from n/a through <= 1.6. | 2.7 | 0.42% | 2025-04-09 | 2026-06-17 |
| CVE-2025-30877 | Missing Authorization vulnerability in fatcatapps Quiz Cat quiz-cat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz Cat: from n/a through <= 3.0.8. | 2.7 | 0.36% | 2025-03-27 | 2026-06-17 |
| CVE-2024-51671 | Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through <= 3.0.3. | 2.7 | 0.46% | 2024-11-19 | 2026-06-17 |
| CVE-2024-4214 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: from n/a through 4.15. | 2.7 | 0.37% | 2024-05-17 | 2026-06-17 |
| CVE-2024-37253 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6. | 2.7 | 0.32% | 2024-07-09 | 2026-06-17 |
| CVE-2024-30507 | Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7. | 2.7 | 0.43% | 2024-03-29 | 2026-06-17 |
| CVE-2023-46311 | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | 2.7 | 0.52% | 2023-12-20 | 2026-06-17 |
| CVE-2022-27844 | Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | 2.7 | 1.42% | 2022-04-11 | 2026-06-17 |
| CVE-2021-36906 | Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 2.7 | 0.53% | 2022-11-03 | 2026-06-16 |
| CVE-2022-42494 | Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | 3.0 | 0.55% | 2022-11-08 | 2026-06-17 |