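A list that brings together NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS and tracks exploitability based on exploit references and the availability of PoCs. Priorities are set in the context of vendor fixes and mitigations, helping keep the response cycle short while protecting critical assets.
Assigner (CNA/issuer): [email protected]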
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-48157 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through <= 1.5.9. | 8.1 | 2.04% | 2025-08-20 | 2026-06-17 |
| CVE-2023-50839 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1. | 9.3 | 2.04% | 2023-12-28 | 2026-06-17 |
| CVE-2023-40211 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | 7.5 | 2.04% | 2023-11-30 | 2026-06-17 |
| CVE-2023-40600 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0. | 5.3 | 2.04% | 2023-11-30 | 2026-06-17 |
| CVE-2024-32825 | Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static. This issue affects Simply Static: from n/a through <= 3.1.3. | 7.5 | 2.02% | 2024-04-24 | 2026-06-17 |
| CVE-2024-43144 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.15. | 9.3 | 2.00% | 2024-08-29 | 2026-06-17 |
| CVE-2024-38773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17. | 9.3 | 1.99% | 2024-07-22 | 2026-06-17 |
| CVE-2023-28787 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.4. | 9.3 | 1.98% | 2024-03-26 | 2026-06-17 |
| CVE-2021-36917 | WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. | 6.5 | 1.94% | 2021-11-24 | 2026-06-16 |
| CVE-2024-50417 | Missing Authorization vulnerability in boldthemes Bold Page Builder bold-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bold Page Builder: from n/a through <= 5.1.3. | 4.3 | 1.92% | 2024-11-19 | 2026-06-17 |
| CVE-2025-25163 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3. | 7.5 | 1.88% | 2025-02-07 | 2026-06-17 |
| CVE-2024-43965 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4. | 8.2 | 1.88% | 2024-08-29 | 2026-06-17 |
| CVE-2024-56278 | Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion. This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1. | 9.1 | 1.85% | 2025-01-07 | 2026-06-17 |
| CVE-2021-36909 | Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. | 8.8 | 1.83% | 2021-11-18 | 2026-06-16 |
| CVE-2024-54363 | Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through <= 1.0.0. | 9.8 | 1.82% | 2024-12-16 | 2026-06-17 |
| CVE-2021-36916 | The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. | 8.6 | 1.80% | 2021-11-24 | 2026-06-16 |
| CVE-2024-51793 | Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server. This issue affects RepairBuddy: from n/a through <= 3.8115. | 10.0 | 1.79% | 2024-11-11 | 2026-06-17 |
| CVE-2024-52475 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass. This issue affects Wawp: from n/a through < 3.0.18. | 9.8 | 1.79% | 2024-11-28 | 2026-06-17 |
| CVE-2024-32523 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster. This issue affects Mailster: from n/a through <= 4.0.6. | 8.1 | 1.75% | 2024-05-17 | 2026-06-17 |
| CVE-2023-29439 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions. | 7.1 | 1.75% | 2023-05-16 | 2026-06-17 |