Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-25612 | Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | 4.1 | 0.55% | 2022-03-25 | 2026-06-17 |
| CVE-2021-36826 | Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. | 5.4 | 0.60% | 2022-04-04 | 2026-06-16 |
| CVE-2021-36851 | Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | 4.1 | 0.53% | 2022-04-04 | 2026-06-16 |
| CVE-2022-25613 | Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | 4.1 | 0.54% | 2022-04-04 | 2026-06-17 |
| CVE-2022-25618 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | 3.4 | 0.53% | 2022-04-04 | 2026-06-17 |
| CVE-2021-36846 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | 4.8 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36848 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | 3.4 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36893 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 | 4.8 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36896 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | 4.8 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36910 | Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | 3.4 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2022-25614 | Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | 4.3 | 0.42% | 2022-04-11 | 2026-06-17 |
| CVE-2022-25615 | Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | 4.3 | 0.42% | 2022-04-11 | 2026-06-17 |
| CVE-2022-27844 | Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | 2.7 | 1.42% | 2022-04-11 | 2026-06-17 |
| CVE-2022-27845 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 | 4.8 | 0.81% | 2022-04-11 | 2026-06-17 |
| CVE-2021-36914 | Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | 6.1 | 0.48% | 2022-04-12 | 2026-06-16 |
| CVE-2022-27846 | Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. | 4.3 | 0.40% | 2022-04-13 | 2026-06-17 |
| CVE-2022-27847 | Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. | 4.3 | 0.40% | 2022-04-13 | 2026-06-17 |
| CVE-2022-27848 | Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | 3.4 | 0.53% | 2022-04-14 | 2026-06-17 |
| CVE-2021-36828 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions. | 4.8 | 0.51% | 2022-04-15 | 2026-06-16 |
| CVE-2022-27849 | Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | 5.3 | 4.62% | 2022-04-15 | 2026-06-17 |