Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-36889 | Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). | 3.4 | 0.56% | 2021-12-20 | 2026-06-16 |
| CVE-2021-36864 | Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 3.4 | 0.41% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36849 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. | 3.4 | 0.42% | 2022-07-20 | 2026-06-16 |
| CVE-2021-36848 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | 3.4 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36844 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | 3.4 | 0.52% | 2022-05-02 | 2026-06-16 |
| CVE-2021-23174 | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | 3.4 | 83.85% | 2022-01-28 | 2026-06-16 |
| CVE-2025-58816 | Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor ecommerce-product-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Carousel Slider for Elementor: from n/a through <= 2.1.3. | 3.5 | 0.22% | 2025-09-05 | 2026-06-17 |
| CVE-2024-37234 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. | 3.5 | 0.27% | 2024-07-06 | 2026-06-17 |
| CVE-2024-35777 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2. | 3.5 | 0.35% | 2024-07-09 | 2026-06-17 |
| CVE-2023-41695 | Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.1.0. | 3.5 | 0.45% | 2024-12-13 | 2026-06-17 |
| CVE-2023-24375 | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14. | 3.5 | 0.42% | 2024-12-09 | 2026-06-17 |
| CVE-2022-45819 | Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1. | 3.5 | 0.40% | 2024-12-13 | 2026-06-17 |
| CVE-2024-45453 | Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect jf3-maintenance-mode.This issue affects Maintenance Redirect: from n/a through <= 2.0.1. | 3.7 | 0.33% | 2024-09-22 | 2026-06-17 |
| CVE-2024-43944 | Authentication Bypass by Spoofing vulnerability in ilyasine Maintenance & Coming Soon Redirect Animation maintenance-coming-soon-redirect-animation allows Identity Spoofing.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through <= 2.3.3. | 3.7 | 0.36% | 2024-08-29 | 2026-06-17 |
| CVE-2024-35749 | Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6. | 3.7 | 0.30% | 2024-06-10 | 2026-06-17 |
| CVE-2024-32708 | Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through 3.0.1. | 3.7 | 0.37% | 2024-05-17 | 2026-06-17 |
| CVE-2024-31265 | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. | 3.7 | 0.24% | 2024-04-12 | 2026-06-17 |
| CVE-2024-31254 | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | 3.7 | 0.48% | 2024-04-10 | 2026-06-17 |
| CVE-2024-30512 | Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20. | 3.7 | 0.35% | 2024-06-09 | 2026-06-17 |
| CVE-2024-30480 | Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2. | 3.7 | 0.48% | 2024-05-17 | 2026-06-17 |