This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit (Exp) resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-27850 | Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | 5.4 | 0.37% | 2022-04-15 | 2026-06-17 |
| CVE-2022-27851 | Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | 5.4 | 0.37% | 2022-04-15 | 2026-06-17 |
| CVE-2022-27852 | Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | 6.1 | 0.66% | 2022-04-15 | 2026-06-17 |
| CVE-2022-23975 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | 6.5 | 0.47% | 2022-04-18 | 2026-06-17 |
| CVE-2022-23976 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | 8.1 | 0.47% | 2022-04-18 | 2026-06-17 |
| CVE-2022-27853 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 | 4.8 | 0.50% | 2022-04-18 | 2026-06-17 |
| CVE-2022-27862 | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | 9.8 | 1.64% | 2022-04-19 | 2026-06-17 |
| CVE-2022-27863 | Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. | 5.3 | 1.05% | 2022-04-19 | 2026-06-17 |
| CVE-2022-29417 | Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. | 4.3 | 0.58% | 2022-04-25 | 2026-06-17 |
| CVE-2022-29418 | Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | 4.8 | 0.50% | 2022-04-25 | 2026-06-17 |
| CVE-2022-29419 | SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | 6.0 | 0.80% | 2022-04-25 | 2026-06-17 |
| CVE-2021-36867 | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. | 5.4 | 0.53% | 2022-04-26 | 2026-06-16 |
| CVE-2021-36895 | Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. | 4.7 | 0.70% | 2022-04-26 | 2026-06-16 |
| CVE-2022-27854 | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | 5.4 | 0.54% | 2022-04-26 | 2026-06-17 |
| CVE-2022-27860 | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. | 6.1 | 0.36% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29415 | Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress. | 6.1 | 0.70% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29410 | Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | 7.4 | 0.86% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29411 | SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | 8.3 | 1.02% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29412 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | 5.4 | 0.39% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29413 | Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. | 4.7 | 0.36% | 2022-04-28 | 2026-06-17 |