Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 5501 | CVE-2025-60133 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the PE Easy Slider WordPress plugin allows a |
| 5502 | CVE-2025-60104 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Gallery Custom Links plugin al |
| 5503 | CVE-2025-60101 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Woostify WordPress theme allows attacker |
| 5504 | CVE-2025-10180 | 0.06% | 18.4th | 6.4 | | The Markdown Shortcode WordPress plugin versions up to 0.2.1 contain a stored XSS vulnerability in t |
| 5505 | CVE-2025-10178 | 0.06% | 18.4th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 5506 | CVE-2025-58674 | 0.06% | 18.3th | 5.9 | | This is a stored cross-site scripting (XSS) vulnerability in WordPress core that allows attackers wi |
| 5507 | CVE-2025-59821 | 0.06% | 18.2th | 6.5 | | This is a cross-site scripting (XSS) vulnerability in DNN CMS versions before 10.1.0 where specially |
| 5508 | CVE-2025-59590 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Media Library Assistant WordPress plugin |
| 5509 | CVE-2025-58960 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress IP Based Login plugin allows a |
| 5510 | CVE-2025-58669 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Modern Minds Magento 2 WordPress Integra |
| 5511 | CVE-2025-58665 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Form Generator for WordPress plugin allo |
| 5512 | CVE-2025-58661 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in eZee Online Hotel Booking Engine allows atta |
| 5513 | CVE-2025-58655 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Category Featured Images plugi |
| 5514 | CVE-2025-58647 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Simple Restaurant Menu WordPress plugin |
| 5515 | CVE-2025-58646 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Mobi2Go WordPress plugin allows attacker |
| 5516 | CVE-2025-58645 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in Gravitate Automated Tester WordPress plugin |
| 5517 | CVE-2025-58223 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the VoucherPress WordPress plugin allows att |
| 5518 | CVE-2025-58033 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Draft plugin allows attackers |
| 5519 | CVE-2025-57998 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress E-namad & Shamed Logo Manager |
| 5520 | CVE-2025-57982 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WPBean Advance Portfolio Grid WordPress |
| 5521 | CVE-2025-57980 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Safety Exit plugin allows atta |
| 5522 | CVE-2025-57979 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the AuthorSure WordPress plugin allows attac |
| 5523 | CVE-2025-57974 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the TZ PlusGallery WordPress plugin allows a |
| 5524 | CVE-2025-57962 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the VikRestaurants WordPress plugin allows a |
| 5525 | CVE-2025-57959 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress 'Slightly troublesome permalin |
| 5526 | CVE-2025-57956 | 0.06% | 18.3th | 5.9 | | This stored XSS vulnerability in the WooMS WordPress plugin allows attackers to inject malicious scr |
| 5527 | CVE-2025-57952 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Maps for WP WordPress plugin allows atta |
| 5528 | CVE-2025-57951 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the SiteNarrator Text-to-Speech Widget WordP |
| 5529 | CVE-2025-57950 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Plugin Security Scanner allows |
| 5530 | CVE-2025-57945 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WP Advanced PDF WordPress plugin allows |
| 5531 | CVE-2025-57941 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Append Link on Copy plugin all |
| 5532 | CVE-2025-57940 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Append extensions on Pages plu |
| 5533 | CVE-2025-57935 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Bot Block plugin allows attack |
| 5534 | CVE-2025-57929 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Double the Donation WordPress plugin all |
| 5535 | CVE-2025-57920 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Category Featured Images Exten |
| 5536 | CVE-2025-57912 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in Dialogity Free Live Chat WordPress plugin al |
| 5537 | CVE-2025-57908 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Product Time Countdown for WooCommerce W |
| 5538 | CVE-2025-57906 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Epeken All Kurir WordPress plugin allows |
| 5539 | CVE-2025-57904 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in Sales Count Manager for WooCommerce allows a |
| 5540 | CVE-2025-57903 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WooCommerce Additional Fees On Checkout |
| 5541 | CVE-2025-53467 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Login-Logout plugin allows att |
| 5542 | CVE-2025-53464 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WP Mailto Links WordPress plugin allows |
| 5543 | CVE-2025-53462 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in SAPO Feed WordPress plugin allows attackers |
| 5544 | CVE-2025-53460 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the AffiliateWP – External Referral Links |
| 5545 | CVE-2025-53458 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Goracash WordPress plugin allows attacke |
| 5546 | CVE-2025-53455 | 0.06% | 18.3th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the CashBill WooCommerce payment plugin allo |
| 5547 | CVE-2025-10181 | 0.06% | 18.4th | 6.4 | | The Draft List WordPress plugin has a stored XSS vulnerability in all versions up to 2.6. Authentica |
| 5548 | CVE-2026-21528 | 0.06% | 18.4th | 6.5 | | This vulnerability in Azure IoT SDK allows attackers to bind to unrestricted IP addresses, potential |
| 5549 | CVE-2024-26479 | 0.06% | 18.4th | 5.3 | | This vulnerability in Statping-ng v0.91.0 allows attackers to access sensitive information through c |
| 5550 | CVE-2025-8711 | 0.06% | 18.2th | 5.4 | | This is a Cross-Site Request Forgery (CSRF) vulnerability affecting multiple Ivanti secure access pr |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
