This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit resources and PoC availability to assess exploitability accurately. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-24417 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | N/A | N/A | 2022-12-30 | 2023-11-07 |
| CVE-2022-3905 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | N/A | N/A | 2022-12-30 | 2023-11-07 |
| CVE-2022-4327 | Rejected reason: This issue does not bear any security risk as it's only exploitable by users with administrator or super-administrator roles, who can already do what they want on their site. | N/A | 0.04% | 2023-01-16 | 2023-11-07 |
| CVE-2023-0269 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | N/A | N/A | 2023-01-17 | 2023-11-07 |
| CVE-2023-3418 | Rejected reason: The issue is not in the plugin itself but the underlying chat service | N/A | 0.04% | 2023-07-17 | 2024-03-22 |
| CVE-2024-6710 | The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 5.4 | 0.33% | 2024-08-05 | 2024-09-05 |
| CVE-2024-6498 | The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 | 0.31% | 2024-08-05 | 2024-09-06 |
| CVE-2024-6925 | The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 4.3 | 0.17% | 2024-09-08 | 2024-09-11 |
| CVE-2024-6924 | The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 | 3.29% | 2024-09-08 | 2024-09-11 |
| CVE-2024-6859 | The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | 0.18% | 2024-09-08 | 2024-09-11 |
| CVE-2024-6856 | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 | 0.19% | 2024-09-08 | 2024-09-11 |
| CVE-2024-6855 | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack | 4.3 | 0.20% | 2024-09-08 | 2024-09-11 |
| CVE-2024-6853 | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack | 4.3 | 0.18% | 2024-09-08 | 2024-09-11 |
| CVE-2024-6852 | The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 | 0.20% | 2024-09-08 | 2024-09-11 |
| CVE-2024-6019 | The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators | 6.1 | 0.33% | 2024-09-12 | 2024-09-13 |
| CVE-2024-6018 | The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 6.1 | 0.30% | 2024-09-12 | 2024-09-13 |
| CVE-2024-6017 | The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 6.1 | 0.18% | 2024-09-12 | 2024-09-13 |
| CVE-2024-7716 | The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | 0.32% | 2024-09-11 | 2024-09-25 |
| CVE-2024-3899 | The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks. | 4.8 | 0.33% | 2024-09-11 | 2024-09-25 |
| CVE-2024-3163 | The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | 4.3 | 0.17% | 2024-09-12 | 2024-09-26 |