Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-23174 | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | 3.4 | 83.22% | 2022-01-28 | 2026-06-16 |
| CVE-2021-36888 | Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. | 9.8 | 6.74% | 2021-12-15 | 2026-06-16 |
| CVE-2022-29455 | DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | 4.7 | 23.18% | 2022-06-13 | 2026-06-17 |
| CVE-2022-31474 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | 7.5 | 63.76% | 2023-03-13 | 2026-06-17 |
| CVE-2022-41840 | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | 7.5 | 5.12% | 2022-11-18 | 2026-06-17 |
| CVE-2022-45354 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | 5.3 | 38.08% | 2024-01-08 | 2026-06-17 |
| CVE-2022-45359 | Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | 9.8 | 13.51% | 2022-12-06 | 2026-06-17 |
| CVE-2022-45362 | Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | 7.2 | 40.51% | 2023-12-07 | 2026-06-17 |
| CVE-2022-45365 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2. | 7.1 | 49.31% | 2023-12-14 | 2026-06-17 |
| CVE-2022-45835 | Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | 5.8 | 37.67% | 2023-11-12 | 2026-06-17 |
| CVE-2022-47615 | Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.3 | 5.06% | 2023-01-26 | 2026-06-17 |
| CVE-2023-30777 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. | 7.1 | 38.77% | 2023-05-10 | 2026-06-17 |
| CVE-2023-32117 | Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99. | 9.8 | 6.28% | 2024-12-09 | 2026-06-17 |
| CVE-2023-32243 | Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | 9.8 | 75.95% | 2023-05-12 | 2026-06-17 |
| CVE-2023-37979 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. | 7.1 | 6.01% | 2023-07-27 | 2026-06-17 |
| CVE-2023-40000 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7. | 8.3 | 54.87% | 2024-04-16 | 2026-06-17 |
| CVE-2023-40004 | Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive E | 7.3 | 9.67% | 2024-06-19 | 2026-06-17 |
| CVE-2023-47505 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4. | 6.5 | 25.34% | 2023-11-30 | 2026-06-17 |
| CVE-2023-47681 | Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. | 6.5 | 9.16% | 2024-06-19 | 2026-06-17 |
| CVE-2023-51409 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | 10.0 | 65.05% | 2024-04-12 | 2026-06-17 |