NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2024-27956 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. | 9.9 | 93.97% | 2024-03-21 | 2026-06-17 |
| CVE-2024-25600 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. | 10.0 | 87.45% | 2024-06-04 | 2026-06-17 |
| CVE-2024-44000 | Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. | 9.8 | 83.18% | 2024-10-20 | 2026-06-17 |
| CVE-2023-32243 | Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | 9.8 | 75.95% | 2023-05-12 | 2026-06-17 |
| CVE-2024-27954 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. | 9.3 | 72.95% | 2024-05-17 | 2026-06-17 |
| CVE-2024-28000 | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. | 9.8 | 67.92% | 2024-08-21 | 2026-06-17 |
| CVE-2023-51409 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | 10.0 | 63.33% | 2024-04-12 | 2026-06-17 |
| CVE-2024-50498 | Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0. | 10.0 | 53.64% | 2024-10-28 | 2026-06-17 |
| CVE-2025-27007 | Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. | 9.8 | 50.19% | 2025-05-01 | 2026-06-17 |
| CVE-2025-47539 | Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. | 9.8 | 29.64% | 2025-05-23 | 2026-06-17 |
| CVE-2024-43917 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | 9.3 | 21.77% | 2024-08-29 | 2026-06-17 |
| CVE-2025-47646 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. | 9.8 | 21.75% | 2025-05-23 | 2026-06-17 |
| CVE-2026-23550 | Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. | 9.8 | 18.91% | 2026-01-14 | 2026-06-17 |
| CVE-2024-51818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. | 9.3 | 15.49% | 2025-01-21 | 2026-06-17 |
| CVE-2025-48148 | Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. | 10.0 | 14.92% | 2025-08-20 | 2026-06-17 |
| CVE-2024-56064 | Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | 10.0 | 14.49% | 2024-12-31 | 2026-06-17 |
| CVE-2022-45359 | Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | 9.8 | 13.51% | 2022-12-06 | 2026-06-17 |
| CVE-2025-32583 | Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. | 9.9 | 12.19% | 2025-04-17 | 2026-06-17 |
| CVE-2024-50477 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3. | 9.8 | 7.96% | 2024-10-28 | 2026-06-17 |
| CVE-2021-36888 | Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. | 9.8 | 6.74% | 2021-12-15 | 2026-06-16 |