Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-36841 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | 6.9 | 0.63% | 2021-09-27 | 2026-06-16 |
| CVE-2021-36843 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. | 4.8 | 0.56% | 2021-11-26 | 2026-06-16 |
| CVE-2021-36844 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | 3.4 | 0.52% | 2022-05-02 | 2026-06-16 |
| CVE-2021-36845 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be aut | 6.9 | 0.71% | 2021-09-27 | 2026-06-16 |
| CVE-2021-36846 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | 4.8 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36847 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. | 4.8 | 0.46% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36848 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | 3.4 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36849 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. | 3.4 | 0.42% | 2022-07-20 | 2026-06-16 |
| CVE-2021-36850 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. | 5.4 | 0.42% | 2021-10-04 | 2026-06-16 |
| CVE-2021-36851 | Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | 4.1 | 0.53% | 2022-04-04 | 2026-06-16 |
| CVE-2021-36852 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | 4.3 | 0.31% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36854 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 5.4 | 0.27% | 2022-09-30 | 2026-06-16 |
| CVE-2021-36855 | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 6.1 | 0.22% | 2022-09-30 | 2026-06-16 |
| CVE-2021-36857 | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | 4.8 | 0.46% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36858 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. | 4.8 | 0.41% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36861 | Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. | 5.4 | 0.27% | 2022-08-05 | 2026-06-16 |
| CVE-2021-36863 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 5.4 | 0.44% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36864 | Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 3.4 | 0.41% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36865 | Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. | 3.8 | 0.41% | 2022-09-30 | 2026-06-16 |
| CVE-2021-36866 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | 4.8 | 0.52% | 2022-06-02 | 2026-06-16 |