Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57330 | Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions. | 6.5 | 0.17% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57329 | Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions. | 6.5 | 0.21% | 2026-06-29 | 2026-07-01 |
| CVE-2026-57328 | Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | 6.5 | 0.21% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57327 | Subscriber Broken Access Control in MainWP <= 6.1.1 versions. | 6.3 | 0.25% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57326 | Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | 6.1 | 0.18% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57320 | Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions. | 7.1 | 0.18% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57346 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3. | 7.1 | 0.27% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57676 | Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9. | 4.3 | 0.18% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57667 | Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57665 | Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | 5.3 | 0.19% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57664 | Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | 4.3 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57663 | Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57662 | Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57661 | Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. | 5.4 | 0.22% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57660 | Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions. | 5.3 | 0.18% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57659 | Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | 8.8 | 0.13% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57658 | Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. | 9.1 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57657 | Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | 4.3 | 0.10% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57656 | Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | 5.9 | 0.14% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57655 | Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | 8.2 | 0.11% | 2026-06-26 | 2026-06-26 |