Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-52704 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8. | 10.0 | 0.31% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 1.24% | 2026-06-05 | 2026-06-08 |
| CVE-2026-48836 | Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions. | 10.0 | 0.57% | 2026-06-15 | 2026-06-15 |
| CVE-2026-45444 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6. | 10.0 | 0.29% | 2026-05-20 | 2026-05-21 |
| CVE-2026-40772 | Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. | 10.0 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-23800 | Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0. | 10.0 | 0.47% | 2026-01-16 | 2026-04-15 |
| CVE-2025-68001 | Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0. | 10.0 | 0.56% | 2026-01-22 | 2026-04-27 |
| CVE-2025-6327 | Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36. | 10.0 | 0.45% | 2025-11-06 | 2026-04-15 |
| CVE-2025-60235 | Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Support Ticket System for WooCommerce (Premium): from n/a through <= 2.0.7. | 10.0 | 0.37% | 2025-11-06 | 2026-04-15 |
| CVE-2025-60219 | Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through <= 1.9.24. | 10.0 | 0.36% | 2025-09-26 | 2026-04-23 |
| CVE-2025-60207 | Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2. | 10.0 | 0.37% | 2025-11-06 | 2026-04-15 |
| CVE-2025-60206 | Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3. | 10.0 | 0.44% | 2025-10-22 | 2026-04-15 |
| CVE-2025-58963 | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | 10.0 | 0.41% | 2025-10-22 | 2026-04-27 |
| CVE-2025-53577 | Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS global-dns allows Remote Code Inclusion.This issue affects Global DNS: from n/a through <= 3.1.0. | 10.0 | 0.36% | 2025-08-20 | 2026-04-23 |
| CVE-2025-53283 | Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon allows Upload a Web Shell to a Web Server.This issue affects Drop Uploader for CF7 - Drag&Drop File Uploader Addon: from n/a through <= 2.4.1. | 10.0 | 0.37% | 2025-11-06 | 2026-04-15 |
| CVE-2025-50002 | Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2. | 10.0 | 0.51% | 2026-01-22 | 2026-04-27 |
| CVE-2025-49885 | Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through <= 5.0.6. | 10.0 | 0.35% | 2025-06-27 | 2026-04-23 |
| CVE-2025-49447 | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | 10.0 | 0.34% | 2025-06-17 | 2026-04-28 |
| CVE-2025-49444 | Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through <= 1.0.5. | 10.0 | 0.34% | 2025-06-17 | 2026-04-23 |
| CVE-2025-49414 | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0. | 10.0 | 0.34% | 2025-07-04 | 2026-04-23 |