Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-54198 | Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54191 | Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52702 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | 7.1 | 0.15% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49069 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21. | 7.1 | 0.15% | 2026-06-10 | 2026-06-10 |
| CVE-2026-49055 | Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48966 | Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48885 | Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48876 | Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48871 | Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions. | 7.1 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48867 | Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48865 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6. | 7.1 | 0.15% | 2026-06-01 | 2026-06-01 |
| CVE-2026-48839 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6. | 7.1 | 0.15% | 2026-06-01 | 2026-06-01 |
| CVE-2026-48838 | Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions. | 7.1 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-45437 | Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42775 | Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42762 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9. | 7.1 | 0.15% | 2026-05-27 | 2026-05-27 |
| CVE-2026-42759 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through <= 1.10.1. | 7.1 | 0.15% | 2026-05-27 | 2026-05-27 |
| CVE-2026-42754 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through <= 1.3.46. | 7.1 | 0.15% | 2026-05-27 | 2026-05-27 |
| CVE-2026-42749 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through <= 1.3.0. | 7.1 | 0.24% | 2026-05-27 | 2026-05-27 |
| CVE-2026-42739 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through <= 8.10.7. | 7.1 | 0.15% | 2026-05-27 | 2026-05-27 |