Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-23825 | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. | 3.1 | 0.53% | 2024-12-09 | 2026-06-17 |
| CVE-2023-22676 | Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12. | 3.1 | 0.44% | 2023-12-29 | 2026-06-17 |
| CVE-2022-47163 | Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions. | 3.1 | 0.25% | 2023-03-14 | 2026-06-17 |
| CVE-2022-29454 | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | 3.1 | 0.25% | 2022-07-20 | 2026-06-17 |
| CVE-2025-66062 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28. | 3.4 | 0.17% | 2025-11-21 | 2026-06-17 |
| CVE-2024-22308 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | 3.4 | 0.28% | 2024-01-24 | 2026-06-17 |
| CVE-2022-45082 | Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. | 3.4 | 0.40% | 2022-11-18 | 2026-06-17 |
| CVE-2022-40215 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. | 3.4 | 0.41% | 2022-09-23 | 2026-06-17 |
| CVE-2022-38703 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress | 3.4 | 0.41% | 2022-09-23 | 2026-06-17 |
| CVE-2022-37328 | Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress. | 3.4 | 0.43% | 2022-09-23 | 2026-06-17 |
| CVE-2022-36343 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. | 3.4 | 0.45% | 2022-08-01 | 2026-06-17 |
| CVE-2022-30536 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. | 3.4 | 0.59% | 2022-07-21 | 2026-06-17 |
| CVE-2022-29452 | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | 3.4 | 0.48% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29432 | Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. | 3.4 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-27856 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. | 3.4 | 0.38% | 2023-05-10 | 2026-06-17 |
| CVE-2022-27848 | Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | 3.4 | 0.53% | 2022-04-14 | 2026-06-17 |
| CVE-2022-25618 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | 3.4 | 0.53% | 2022-04-04 | 2026-06-17 |
| CVE-2022-25610 | Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | 3.4 | 0.69% | 2022-03-25 | 2026-06-17 |
| CVE-2021-36910 | Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | 3.4 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36889 | Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). | 3.4 | 0.56% | 2021-12-20 | 2026-06-16 |