Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-39598 | Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2. | 8.0 | 0.22% | 2026-06-17 | 2026-06-17 |
| CVE-2024-47319 | Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This issue affects Bit Form: from n/a through <= 2.13.10. | 8.0 | 0.43% | 2024-10-05 | 2026-06-17 |
| CVE-2024-39621 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4. | 8.0 | 0.52% | 2024-08-01 | 2026-06-17 |
| CVE-2024-37560 | Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0. | 8.0 | 0.37% | 2024-07-12 | 2026-06-17 |
| CVE-2024-31232 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. | 8.0 | 0.57% | 2024-05-17 | 2026-06-17 |
| CVE-2024-30229 | Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.4.2. | 8.0 | 0.61% | 2024-03-28 | 2026-06-17 |
| CVE-2024-29800 | Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0. | 8.0 | 0.45% | 2024-05-14 | 2026-06-17 |
| CVE-2024-22152 | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | 8.0 | 0.53% | 2024-01-24 | 2026-06-17 |
| CVE-2024-22135 | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | 8.0 | 0.53% | 2024-01-24 | 2026-06-17 |
| CVE-2023-52209 | Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0. | 8.0 | 0.34% | 2024-08-01 | 2026-06-17 |
| CVE-2023-48275 | Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2. | 8.0 | 0.48% | 2024-03-26 | 2026-06-17 |
| CVE-2023-47683 | Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6. | 8.0 | 0.48% | 2024-05-17 | 2026-06-17 |
| CVE-2026-57645 | newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | 8.1 | 0.19% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56031 | Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions. | 8.1 | 0.32% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54845 | Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | 8.1 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54842 | Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | 8.1 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54814 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52707 | Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | 8.1 | 0.44% | 2026-06-17 | 2026-06-17 |
| CVE-2026-48970 | Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | 8.1 | 0.32% | 2026-06-15 | 2026-06-17 |
| CVE-2026-42687 | Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. | 8.1 | 0.32% | 2026-06-15 | 2026-06-17 |