Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-56053 | Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. | 8.8 | 0.39% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56051 | Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions. | 7.1 | 0.18% | 2026-06-25 | 2026-06-29 |
| CVE-2026-56049 | Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions. | 8.5 | 0.35% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56042 | Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions. | 7.1 | 0.18% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56014 | Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions. | 7.1 | 0.18% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56006 | Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions. | 7.1 | 0.18% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56005 | Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions. | 7.1 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54849 | Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54848 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. | 8.3 | 0.18% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54845 | Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | 8.1 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54844 | Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions. | 7.5 | 0.24% | 2026-06-25 | 2026-06-29 |
| CVE-2026-54843 | Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54842 | Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | 8.1 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54841 | Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. | 7.5 | 0.29% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54838 | Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | 8.5 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54836 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54830 | Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. | 7.5 | 0.24% | 2026-06-25 | 2026-06-29 |
| CVE-2026-54829 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005. | 7.5 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54828 | Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. | 7.5 | 0.24% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54823 | Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | 9.9 | 0.43% | 2026-06-25 | 2026-06-25 |