Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-39519 | Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-17 |
| CVE-2026-39512 | Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-17 |
| CVE-2026-39511 | Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-17 |
| CVE-2026-39502 | Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-17 |
| CVE-2026-39493 | Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions. | 9.3 | 0.36% | 2026-06-15 | 2026-06-17 |
| CVE-2026-39492 | Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions. | 9.3 | 0.36% | 2026-06-15 | 2026-06-17 |
| CVE-2026-39465 | Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions. | 9.1 | 0.68% | 2026-06-15 | 2026-06-17 |
| CVE-2026-39441 | Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-17 |
| CVE-2026-34901 | Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. | 9.8 | 0.32% | 2026-06-15 | 2026-06-17 |
| CVE-2026-27053 | Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. | 9.8 | 0.39% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52704 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8. | 10.0 | 0.31% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49060 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | 9.8 | 0.46% | 2026-06-11 | 2026-06-17 |
| CVE-2026-42647 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7. | 9.3 | 1.30% | 2026-06-11 | 2026-06-17 |
| CVE-2026-39494 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2. | 9.3 | 0.39% | 2026-06-11 | 2026-06-17 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 1.66% | 2026-06-05 | 2026-06-17 |
| CVE-2026-42684 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. | 9.3 | 0.29% | 2026-06-02 | 2026-06-17 |
| CVE-2025-53209 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | 9.8 | 0.27% | 2026-06-02 | 2026-06-17 |
| CVE-2026-42672 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1. | 9.3 | 0.24% | 2026-06-01 | 2026-06-17 |
| CVE-2026-48879 | Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17. | 9.8 | 0.34% | 2026-06-01 | 2026-06-17 |
| CVE-2026-48866 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1. | 9.6 | 0.50% | 2026-06-01 | 2026-06-17 |