Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-23982 | The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | 4.3 | 1.16% | 2022-02-18 | 2024-11-21 |
| CVE-2021-26256 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). | 4.7 | 0.82% | 2022-02-21 | 2024-11-21 |
| CVE-2022-23983 | Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). | 4.3 | 0.40% | 2022-02-21 | 2024-11-21 |
| CVE-2022-23984 | Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). | 3.7 | 1.07% | 2022-02-21 | 2024-11-21 |
| CVE-2022-25599 | Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | 5.4 | 0.39% | 2022-02-21 | 2024-11-21 |
| CVE-2022-25600 | Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | 5.4 | 0.55% | 2022-03-11 | 2025-05-07 |
| CVE-2022-25601 | Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | 4.7 | 0.98% | 2022-03-11 | 2024-11-21 |
| CVE-2021-23150 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. | 4.8 | 0.53% | 2022-03-18 | 2024-11-21 |
| CVE-2021-23209 | Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). | 4.8 | 0.53% | 2022-03-18 | 2024-11-21 |
| CVE-2021-44760 | Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. | 4.8 | 0.52% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.3 | 1.26% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25603 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | 4.8 | 0.54% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25604 | Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | 4.1 | 0.55% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25605 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | 4.8 | 0.54% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25607 | Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). | 6.6 | 0.80% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25608 | Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | 5.4 | 0.29% | 2022-03-23 | 2024-11-21 |
| CVE-2022-25609 | Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. | 5.4 | 0.51% | 2022-03-23 | 2024-11-21 |
| CVE-2022-25606 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | 4.8 | 0.54% | 2022-03-25 | 2024-11-21 |
| CVE-2022-25610 | Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | 3.4 | 0.69% | 2022-03-25 | 2024-11-21 |
| CVE-2022-25611 | Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | 4.1 | 0.55% | 2022-03-25 | 2024-11-21 |