CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 44 results
«« First « Prev Page 1 / 3 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2021-23174 Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. 3.4 83.22% 2022-01-28 2026-06-16
CVE-2021-36888 Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. 9.8 6.74% 2021-12-15 2026-06-16
CVE-2022-29455 DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. 4.7 23.18% 2022-06-13 2026-06-17
CVE-2022-31474 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. 7.5 63.76% 2023-03-13 2026-06-17
CVE-2022-41840 Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. 7.5 5.12% 2022-11-18 2026-06-17
CVE-2022-45354 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. 5.3 38.08% 2024-01-08 2026-06-17
CVE-2022-45359 Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. 9.8 13.51% 2022-12-06 2026-06-17
CVE-2022-45362 Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. 7.2 40.51% 2023-12-07 2026-06-17
CVE-2022-45365 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2. 7.1 49.31% 2023-12-14 2026-06-17
CVE-2022-45835 Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. 5.8 37.67% 2023-11-12 2026-06-17
CVE-2022-47615 Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. 9.3 5.06% 2023-01-26 2026-06-17
CVE-2023-30777 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. 7.1 38.77% 2023-05-10 2026-06-17
CVE-2023-32117 Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99. 9.8 6.28% 2024-12-09 2026-06-17
CVE-2023-32243 Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. 9.8 75.95% 2023-05-12 2026-06-17
CVE-2023-37979 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. 7.1 6.01% 2023-07-27 2026-06-17
CVE-2023-40000 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7. 8.3 54.87% 2024-04-16 2026-06-17
CVE-2023-40004 Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive E 7.3 9.67% 2024-06-19 2026-06-17
CVE-2023-47505 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4. 6.5 25.34% 2023-11-30 2026-06-17
CVE-2023-47681 Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. 6.5 9.16% 2024-06-19 2026-06-17
CVE-2023-51409 Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. 10.0 65.05% 2024-04-12 2026-06-17
«« First « Prev Page 1 / 3 Next »
cvelogic Threat Intelligence