Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-29448 | Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. | 6.8 | 0.98% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29426 | Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | 5.4 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29427 | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. | 4.3 | 0.40% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29428 | Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress. | 4.1 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29430 | Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | 4.7 | 0.34% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29431 | Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. | 5.4 | 0.36% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29432 | Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. | 3.4 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29434 | Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 6.3 | 0.66% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29447 | Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | 6.8 | 0.98% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29408 | Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 4.7 | 0.66% | 2022-05-25 | 2026-06-17 |
| CVE-2021-36866 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | 4.8 | 0.52% | 2022-06-02 | 2026-06-16 |
| CVE-2021-36890 | Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. | 4.3 | 0.40% | 2022-06-02 | 2026-06-16 |
| CVE-2022-29455 | DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | 4.7 | 23.18% | 2022-06-13 | 2026-06-17 |
| CVE-2021-36901 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | 6.1 | 0.74% | 2022-06-15 | 2026-06-16 |
| CVE-2022-27859 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | 4.1 | 0.62% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29406 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | 4.1 | 0.58% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29437 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 5.4 | 0.41% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29438 | Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 4.8 | 0.51% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29439 | Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | 5.4 | 0.39% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29440 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | 5.4 | 0.51% | 2022-06-15 | 2026-06-17 |