CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 181200 of 16965 results
«« First « Prev Page 10 / 849 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2022-25649 Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. 5.0 0.69% 2022-08-05 2026-06-17
CVE-2022-33201 Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. 6.3 0.30% 2022-08-05 2026-06-17
CVE-2022-36284 Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. 6.4 0.51% 2022-08-05 2026-06-17
CVE-2022-36296 Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. 6.5 0.57% 2022-08-05 2026-06-17
CVE-2021-36847 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. 4.8 0.46% 2022-08-22 2026-06-16
CVE-2021-36852 Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. 4.3 0.31% 2022-08-22 2026-06-16
CVE-2021-36857 Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. 4.8 0.46% 2022-08-22 2026-06-16
CVE-2022-33900 PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. 4.1 0.65% 2022-08-22 2026-06-17
CVE-2022-34149 Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. 9.8 0.97% 2022-08-22 2026-06-17
CVE-2022-34347 Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. 4.2 0.29% 2022-08-22 2026-06-17
CVE-2022-34857 Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress 6.1 0.47% 2022-08-22 2026-06-17
CVE-2022-34858 Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. 9.8 1.27% 2022-08-22 2026-06-17
CVE-2022-36346 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. 4.3 0.32% 2022-08-22 2026-06-17
CVE-2022-29476 Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress. 6.1 0.43% 2022-08-23 2026-06-17
CVE-2022-33142 Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. 7.7 0.87% 2022-08-23 2026-06-17
CVE-2022-34648 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. 4.8 0.43% 2022-08-23 2026-06-17
CVE-2022-34658 Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. 5.4 0.43% 2022-08-23 2026-06-17
CVE-2022-34868 Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. 8.8 0.85% 2022-08-23 2026-06-17
CVE-2022-35235 Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. 4.9 0.94% 2022-08-23 2026-06-17
CVE-2022-35242 Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. 6.5 0.53% 2022-08-23 2026-06-17
«« First « Prev Page 10 / 849 Next »
cvelogic Threat Intelligence