Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164

EPSS > 50%

156

CISA KEV Listed

35,468

CVEs with EPSS

0.7%

Avg EPSS Score

All Critical High Medium Low

Rank	CVE ID	EPSS Score	Percentile	CVSS	Summary
3351	CVE-2025-45864	0.09%	25.9th	5.4	This CVE describes a buffer overflow vulnerability in TOTOLINK A3002R routers via the addrPoolStart
3352	CVE-2025-5342	0.09%	26th	4.3	This CVE describes a ReDOS (Regular Expression Denial of Service) vulnerability in Zohocorp ManageEn
3353	CVE-2025-59302	0.09%	26th	4.7	Apache CloudStack contains a code injection vulnerability in six administrative APIs that allows aut
3354	CVE-2025-37162	0.09%	25.9th	6.5	This vulnerability allows authenticated remote attackers to inject malicious commands through the de
3355	CVE-2025-13133	0.09%	26th	6.6	The Simple User Import Export WordPress plugin contains a CSV injection vulnerability that allows au
3356	CVE-2025-14910	0.09%	25.9th	4.3	This CVE describes a path traversal vulnerability in the FTP daemon service of Edimax BR-6208AC rout
3357	CVE-2025-10289	0.09%	26th	5.9	The Filter & Grids WordPress plugin contains an SQL injection vulnerability in all versions up to 3.
3358	CVE-2025-24755	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the PDF Invoices for WooCommerce plugin allo
3359	CVE-2025-24721	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Easy YouTube Gallery WordPress plugin al
3360	CVE-2025-24719	0.09%	25.8th	6.5	This stored XSS vulnerability in the Widget Countdown WordPress plugin allows attackers to inject ma
3361	CVE-2025-24709	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Plethora Plugins Tabs + Accordions WordP
3362	CVE-2025-24687	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Show/Hide Shortcode WordPress plugin all
3363	CVE-2025-24675	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the WP Visitor Statistics WordPress plugin a
3364	CVE-2025-24673	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Ketchup Shortcodes WordPress plugin allo
3365	CVE-2025-24638	0.09%	25.8th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in the Create with Code WordPress plugin all
3366	CVE-2025-24627	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the WordPress Blur Text plugin allows attack
3367	CVE-2025-24595	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the All Embed – Elementor Addons WordPress
3368	CVE-2025-24585	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Event post WordPress plugin allows attac
3369	CVE-2025-24573	0.09%	25.8th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in the PageLayer WordPress plugin allows att
3370	CVE-2025-24542	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Icegram Engage WordPress plugin allows a
3371	CVE-2025-24025	0.09%	25.7th	6.1	Coolify versions before 4.0.0-beta.380 contain a reflected cross-site scripting (XSS) vulnerability
3372	CVE-2025-22825	0.09%	25.8th	6.5	A stored cross-site scripting (XSS) vulnerability in the WP Desk Flexible PDF Coupons WordPress plug
3373	CVE-2025-22732	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Admiral Ad Blocking Detector WordPress p
3374	CVE-2025-22718	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the FAT Event Lite WordPress plugin allows a
3375	CVE-2024-13444	0.09%	25.9th	6.1	The wp-greet WordPress plugin has a Cross-Site Request Forgery vulnerability that allows attackers t
3376	CVE-2025-23965	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Kopatheme Kopa Nictitate Toolkit WordPre
3377	CVE-2025-23950	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the EZPlayer WordPress plugin allows attacke
3378	CVE-2025-23946	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Enhanced YouTube Shortcode WordPress plu
3379	CVE-2025-23941	0.09%	25.8th	6.5	This stored XSS vulnerability in the MeinTurnierplan.de Widget Viewer WordPress plugin allows attack
3380	CVE-2025-23939	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the WordPress Image Switcher plugin allows a
3381	CVE-2025-23935	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Magic Google Maps WordPress plugin allow
3382	CVE-2025-23933	0.09%	25.8th	6.5	This stored XSS vulnerability in WpF Ultimate Carousel WordPress plugin allows attackers to inject m
3383	CVE-2025-23927	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Incredible Font Awesome WordPress plugin
3384	CVE-2025-23925	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the WordPress Feedburner Optin Form plugin a
3385	CVE-2025-23909	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the WordPress Compare Ninja plugin allows at
3386	CVE-2025-23907	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the SOCIAL.NINJA WordPress plugin allows att
3387	CVE-2025-23899	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Bookalet WordPress plugin allows attacke
3388	CVE-2025-23896	0.09%	25.8th	6.5	This DOM-based cross-site scripting (XSS) vulnerability in the Mindmeister Shortcode WordPress plugi
3389	CVE-2025-23892	0.09%	25.8th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress Progress Tracker plugin all
3390	CVE-2025-23890	0.09%	25.8th	6.5	This DOM-based XSS vulnerability in the Easy Tweet Embed WordPress plugin allows attackers to inject
3391	CVE-2025-23859	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Daily Proverb WordPress plugin allows at
3392	CVE-2025-23830	0.09%	25.8th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in the JB Horizontal Scroller News Ticker Wo
3393	CVE-2025-23824	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the FontAwesome.io ShortCodes WordPress plug
3394	CVE-2025-23775	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the WWP GMAPS for WPBakery Page Builder Free
3395	CVE-2025-23767	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Marmoset Viewer WordPress plugin allows
3396	CVE-2025-23644	0.09%	25.8th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in the QuoteMedia Tools WordPress plugin all
3397	CVE-2025-23641	0.09%	25.8th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in Powie's pLinks PagePeeker WordPress plugi
3398	CVE-2025-23444	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Scroll Top Advanced WordPress plugin all
3399	CVE-2025-23434	0.09%	25.8th	6.5	This stored cross-site scripting (XSS) vulnerability in the Easy EU Cookie Law WordPress plugin allo
3400	CVE-2025-22797	0.09%	25.8th	6.5	This stored XSS vulnerability in the Gallery and Lightbox WordPress plugin allows attackers to injec

← Previous Page 68 of 331 Next →

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.

Start Monitoring Free