Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-25649 | Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. | 5.0 | 0.69% | 2022-08-05 | 2026-06-17 |
| CVE-2022-33201 | Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | 6.3 | 0.30% | 2022-08-05 | 2026-06-17 |
| CVE-2022-36284 | Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. | 6.4 | 0.51% | 2022-08-05 | 2026-06-17 |
| CVE-2022-36296 | Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. | 6.5 | 0.57% | 2022-08-05 | 2026-06-17 |
| CVE-2021-36847 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. | 4.8 | 0.46% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36852 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | 4.3 | 0.31% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36857 | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | 4.8 | 0.46% | 2022-08-22 | 2026-06-16 |
| CVE-2022-33900 | PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | 4.1 | 0.65% | 2022-08-22 | 2026-06-17 |
| CVE-2022-34149 | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 | 0.97% | 2022-08-22 | 2026-06-17 |
| CVE-2022-34347 | Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 4.2 | 0.29% | 2022-08-22 | 2026-06-17 |
| CVE-2022-34857 | Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | 6.1 | 0.47% | 2022-08-22 | 2026-06-17 |
| CVE-2022-34858 | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 | 1.27% | 2022-08-22 | 2026-06-17 |
| CVE-2022-36346 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | 4.3 | 0.32% | 2022-08-22 | 2026-06-17 |
| CVE-2022-29476 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress. | 6.1 | 0.43% | 2022-08-23 | 2026-06-17 |
| CVE-2022-33142 | Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | 7.7 | 0.87% | 2022-08-23 | 2026-06-17 |
| CVE-2022-34648 | Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | 4.8 | 0.43% | 2022-08-23 | 2026-06-17 |
| CVE-2022-34658 | Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 5.4 | 0.43% | 2022-08-23 | 2026-06-17 |
| CVE-2022-34868 | Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | 8.8 | 0.85% | 2022-08-23 | 2026-06-17 |
| CVE-2022-35235 | Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | 4.9 | 0.94% | 2022-08-23 | 2026-06-17 |
| CVE-2022-35242 | Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | 6.5 | 0.53% | 2022-08-23 | 2026-06-17 |