CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 81100 / 16961
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-45729 The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. 5.4 0.68% 2022-01-25 2026-06-17
CVE-2022-23975 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. 6.5 0.47% 2022-04-18 2026-06-17
CVE-2022-23976 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). 8.1 0.47% 2022-04-18 2026-06-17
CVE-2022-23979 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). 4.8 0.56% 2022-01-28 2026-06-17
CVE-2022-23980 Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. 4.7 0.79% 2022-02-04 2026-06-17
CVE-2022-23981 The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). 4.3 0.61% 2022-02-18 2026-06-17
CVE-2022-23982 The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. 4.3 1.16% 2022-02-18 2026-06-17
CVE-2022-23983 Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). 4.3 0.40% 2022-02-21 2026-06-17
CVE-2022-23984 Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). 3.7 1.07% 2022-02-21 2026-06-17
CVE-2022-25599 Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). 5.4 0.39% 2022-02-21 2026-06-17
CVE-2022-25600 Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). 5.4 0.55% 2022-03-11 2026-06-17
CVE-2022-25601 Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 4.7 0.98% 2022-03-11 2026-06-17
CVE-2022-25602 Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). 8.3 1.26% 2022-03-18 2026-06-17
CVE-2022-25603 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). 4.8 0.54% 2022-03-18 2026-06-17
CVE-2022-25604 Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). 4.1 0.55% 2022-03-18 2026-06-17
CVE-2022-25605 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. 4.8 0.54% 2022-03-18 2026-06-17
CVE-2022-25606 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. 4.8 0.54% 2022-03-25 2026-06-17
CVE-2022-25607 Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). 6.6 0.80% 2022-03-18 2026-06-17
CVE-2022-25608 Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. 5.4 0.29% 2022-03-23 2026-06-17
CVE-2022-25609 Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. 5.4 0.51% 2022-03-23 2026-06-17
cvelogic Threat Intelligence