Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-25600 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. | 10.0 | 88.23% | 2024-06-04 | 2026-06-17 |
| CVE-2024-34370 | Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. | 7.2 | 1.09% | 2024-05-17 | 2026-06-17 |
| CVE-2024-33644 | Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. | 9.9 | 1.11% | 2024-05-17 | 2026-06-17 |
| CVE-2024-32523 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6. | 8.1 | 1.75% | 2024-05-17 | 2026-06-17 |
| CVE-2024-27971 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10. | 8.3 | 1.46% | 2024-05-17 | 2026-06-17 |
| CVE-2024-27954 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. | 9.3 | 72.95% | 2024-05-17 | 2026-06-17 |
| CVE-2024-24882 | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | 9.8 | 2.11% | 2024-05-17 | 2026-06-17 |
| CVE-2024-22145 | Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | 8.8 | 1.11% | 2024-05-17 | 2026-06-17 |
| CVE-2023-46197 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19. | 5.3 | 1.27% | 2024-05-17 | 2026-06-17 |
| CVE-2024-31351 | Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | 10.0 | 1.62% | 2024-05-17 | 2026-06-17 |
| CVE-2023-41954 | Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1. | 8.6 | 1.40% | 2024-05-17 | 2026-06-17 |
| CVE-2023-37999 | Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0. | 9.8 | 3.04% | 2024-05-17 | 2026-06-17 |
| CVE-2023-26540 | Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | 9.8 | 2.73% | 2024-05-17 | 2026-06-17 |
| CVE-2023-26009 | Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. | 9.8 | 2.73% | 2024-05-17 | 2026-06-17 |
| CVE-2024-34555 | Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3. | 10.0 | 1.22% | 2024-05-14 | 2026-06-17 |
| CVE-2024-32700 | Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. | 10.0 | 2.58% | 2024-05-14 | 2026-06-17 |
| CVE-2024-33911 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. | 7.6 | 1.09% | 2024-05-02 | 2026-06-17 |
| CVE-2024-33575 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0. | 5.3 | 1.12% | 2024-04-29 | 2026-06-17 |
| CVE-2024-33566 | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. | 10.0 | 1.07% | 2024-04-29 | 2026-06-17 |
| CVE-2024-33559 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. | 9.3 | 3.55% | 2024-04-29 | 2026-06-17 |