CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 141160 of 17114 results
«« First « Prev Page 8 / 856 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2022-29441 Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. 4.3 0.39% 2022-06-15 2026-06-17
CVE-2022-29442 Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. 5.4 0.51% 2022-06-15 2026-06-17
CVE-2022-29453 Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. 5.4 0.41% 2022-06-15 2026-06-17
CVE-2022-29443 Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. 4.1 0.48% 2022-06-15 2026-06-17
CVE-2022-29450 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. 5.4 0.39% 2022-06-15 2026-06-17
CVE-2021-36891 Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. 5.4 0.37% 2022-06-15 2026-06-16
CVE-2022-28612 Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. 5.4 0.46% 2022-06-15 2026-06-17
CVE-2022-29452 Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. 3.4 0.48% 2022-06-15 2026-06-17
CVE-2022-32280 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. 5.4 0.48% 2022-06-15 2026-06-17
CVE-2021-36827 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". 4.8 0.47% 2022-06-16 2026-06-16
CVE-2021-36849 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. 3.4 0.42% 2022-07-20 2026-06-16
CVE-2022-29454 Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. 3.1 0.25% 2022-07-20 2026-06-17
CVE-2022-29923 Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. 5.9 0.42% 2022-07-20 2026-06-17
CVE-2022-32289 Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. 5.4 0.26% 2022-07-21 2026-06-17
CVE-2022-28666 Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. 5.3 1.18% 2022-07-21 2026-06-17
CVE-2022-30337 Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. 5.4 0.26% 2022-07-21 2026-06-17
CVE-2022-28700 Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. 9.1 1.45% 2022-07-21 2026-06-17
CVE-2022-30536 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. 3.4 0.59% 2022-07-21 2026-06-17
CVE-2022-31475 Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. 5.5 0.67% 2022-07-21 2026-06-17
CVE-2022-33198 Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. 9.8 2.65% 2022-07-21 2026-06-17
«« First « Prev Page 8 / 856 Next »
cvelogic Threat Intelligence