Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-39670 | Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0. | 6.0 | 0.16% | 2026-04-08 | 2026-04-24 |
| CVE-2023-33310 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59. | 6.0 | 0.68% | 2024-05-17 | 2026-04-15 |
| CVE-2022-47426 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4. | 6.0 | 0.55% | 2023-11-03 | 2026-04-28 |
| CVE-2022-29419 | SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | 6.0 | 0.80% | 2022-04-25 | 2024-11-21 |
| CVE-2025-25093 | Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper child-themes-helper allows Path Traversal.This issue affects Child Themes Helper: from n/a through <= 2.2.7. | 6.1 | 0.16% | 2025-02-07 | 2026-04-23 |
| CVE-2024-55996 | Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through <= 3.5.6. | 6.1 | 0.34% | 2024-12-16 | 2026-04-23 |
| CVE-2024-24889 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9. | 6.1 | 0.33% | 2024-02-12 | 2026-04-28 |
| CVE-2023-32123 | Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3. | 6.1 | 0.20% | 2023-11-13 | 2026-04-28 |
| CVE-2022-46809 | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | 6.1 | 0.79% | 2023-11-07 | 2026-04-28 |
| CVE-2022-46803 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5. | 6.1 | 0.70% | 2023-11-07 | 2026-04-28 |
| CVE-2022-46802 | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | 6.1 | 0.70% | 2023-11-07 | 2026-04-28 |
| CVE-2022-46801 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0. | 6.1 | 0.70% | 2023-11-07 | 2026-04-28 |
| CVE-2022-45850 | Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9. | 6.1 | 0.18% | 2024-03-28 | 2026-04-28 |
| CVE-2022-45848 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. | 6.1 | 0.41% | 2022-12-06 | 2024-11-21 |
| CVE-2022-45847 | Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. | 6.1 | 0.18% | 2024-03-27 | 2026-04-28 |
| CVE-2022-45838 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions. | 6.1 | 0.41% | 2023-04-18 | 2024-11-21 |
| CVE-2022-45370 | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | 6.1 | 0.85% | 2023-11-07 | 2026-04-28 |
| CVE-2022-45357 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. | 6.1 | 0.85% | 2023-11-07 | 2026-04-28 |
| CVE-2022-44741 | Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | 6.1 | 0.29% | 2022-11-08 | 2024-11-21 |
| CVE-2022-43480 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | 6.1 | 0.39% | 2023-04-16 | 2026-04-28 |