NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-53314 | Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0. | 9.6 | 0.09% | 2025-06-27 | 2026-06-17 |
| CVE-2025-52797 | Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection.This issue affects StoryMap: from n/a through <= 2.1. | 8.2 | 0.09% | 2025-08-14 | 2026-06-17 |
| CVE-2026-40764 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2. | 8.1 | 0.10% | 2026-04-15 | 2026-06-17 |
| CVE-2026-39640 | Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39621 | Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5. | 8.8 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39620 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39619 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39617 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2024-56203 | Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through <= 1.0. | 8.8 | 0.15% | 2024-12-31 | 2026-06-17 |
| CVE-2025-58997 | Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects Mow: from n/a through <= 4.10. | 9.6 | 0.15% | 2025-09-09 | 2026-06-17 |
| CVE-2025-60156 | Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34. | 9.6 | 0.15% | 2025-09-26 | 2026-06-17 |
| CVE-2025-59572 | Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through < 1.7.06. | 8.8 | 0.15% | 2025-09-22 | 2026-06-17 |
| CVE-2025-58255 | Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5. | 9.6 | 0.15% | 2025-09-22 | 2026-06-17 |
| CVE-2025-58244 | Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection.This issue affects Constructo: from n/a through <= 4.3.9. | 8.8 | 0.15% | 2025-09-22 | 2026-06-17 |
| CVE-2025-58013 | Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 4.5.0. | 8.8 | 0.15% | 2025-09-22 | 2026-06-17 |
| CVE-2025-58833 | Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1. | 8.8 | 0.16% | 2025-09-05 | 2026-06-17 |
| CVE-2025-54010 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery.This issue affects FluentSnippets: from n/a through <= 10.50. | 9.6 | 0.16% | 2025-07-16 | 2026-06-17 |
| CVE-2025-53587 | Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery.This issue affects Findgo: from n/a through <= 1.3.57. | 8.8 | 0.16% | 2025-08-14 | 2026-06-17 |
| CVE-2025-49399 | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3. | 8.8 | 0.16% | 2025-08-20 | 2026-06-17 |
| CVE-2025-49381 | Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery.This issue affects ads.txt Guru Connect: from n/a through <= 1.1.1. | 9.6 | 0.16% | 2025-08-20 | 2026-06-17 |