Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-29441 | Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | 4.3 | 0.39% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29442 | Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | 5.4 | 0.51% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29453 | Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | 5.4 | 0.41% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29443 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | 4.1 | 0.48% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29450 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | 5.4 | 0.39% | 2022-06-15 | 2026-06-17 |
| CVE-2021-36891 | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | 5.4 | 0.37% | 2022-06-15 | 2026-06-16 |
| CVE-2022-28612 | Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | 5.4 | 0.46% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29452 | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | 3.4 | 0.48% | 2022-06-15 | 2026-06-17 |
| CVE-2022-32280 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. | 5.4 | 0.48% | 2022-06-15 | 2026-06-17 |
| CVE-2021-36827 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | 4.8 | 0.47% | 2022-06-16 | 2026-06-16 |
| CVE-2021-36849 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. | 3.4 | 0.42% | 2022-07-20 | 2026-06-16 |
| CVE-2022-29454 | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | 3.1 | 0.25% | 2022-07-20 | 2026-06-17 |
| CVE-2022-29923 | Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. | 5.9 | 0.42% | 2022-07-20 | 2026-06-17 |
| CVE-2022-32289 | Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. | 5.4 | 0.26% | 2022-07-21 | 2026-06-17 |
| CVE-2022-28666 | Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. | 5.3 | 1.18% | 2022-07-21 | 2026-06-17 |
| CVE-2022-30337 | Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. | 5.4 | 0.26% | 2022-07-21 | 2026-06-17 |
| CVE-2022-28700 | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 9.1 | 1.45% | 2022-07-21 | 2026-06-17 |
| CVE-2022-30536 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. | 3.4 | 0.59% | 2022-07-21 | 2026-06-17 |
| CVE-2022-31475 | Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 5.5 | 0.67% | 2022-07-21 | 2026-06-17 |
| CVE-2022-33198 | Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | 9.8 | 2.65% | 2022-07-21 | 2026-06-17 |