CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source)：[email protected] Remove this filter

EPSS Score

≥ 1% ≥ 5% ≥ 10% ≥ 30% ≥ 50%

CVSS score

≥ 6 ≥ 7 ≥ 8 ≥ 9

CVE	Description	Max CVSS	EPSS %	Published	Updated
CVE-2021-36879	Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.	9.8	2.11%	2021-09-27	2024-11-21
CVE-2021-36888	Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.	9.8	6.74%	2021-12-15	2024-11-21
CVE-2022-27862	Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.	9.8	1.64%	2022-04-19	2024-11-21
CVE-2022-28700	Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.	9.1	1.42%	2022-07-21	2025-02-20
CVE-2022-33198	Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.	9.8	2.60%	2022-07-21	2024-11-21
CVE-2022-34487	Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.	9.8	2.60%	2022-07-21	2024-11-21
CVE-2022-30998	Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.	9.1	0.70%	2022-07-22	2024-11-21
CVE-2022-33965	Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.	9.3	3.35%	2022-07-25	2026-03-06
CVE-2022-34149	Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.	9.8	0.97%	2022-08-22	2024-11-21
CVE-2022-34858	Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.	9.8	1.27%	2022-08-22	2024-11-21
CVE-2022-36386	Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.	9.1	1.08%	2022-09-21	2025-02-20
CVE-2022-40200	Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.	9.9	0.89%	2022-11-17	2025-02-20
CVE-2022-42497	Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.	10.0	1.06%	2022-11-18	2025-02-20
CVE-2022-42698	Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.	9.8	0.89%	2022-11-18	2024-11-21
CVE-2022-44584	Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.	9.1	0.82%	2022-11-18	2024-11-21
CVE-2022-45822	Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.	10.0	0.75%	2022-12-05	2024-11-21
CVE-2022-42888	Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.	9.8	0.69%	2022-12-06	2024-11-21
CVE-2022-45359	Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.	9.8	13.51%	2022-12-06	2024-11-21
CVE-2022-42699	Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.	9.1	1.32%	2022-12-06	2026-04-28
CVE-2022-44588	Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.	9.9	2.27%	2022-12-15	2026-04-28

cvelogic Threat Intelligence