NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2021-23174 | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | 3.4 | 83.22% | 2022-01-28 | 2024-11-21 |
| CVE-2022-31474 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | 7.5 | 63.76% | 2023-03-13 | 2026-04-28 |
| CVE-2023-30777 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. | 7.1 | 38.77% | 2023-05-10 | 2024-11-21 |
| CVE-2023-32243 | Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | 9.8 | 76.52% | 2023-05-12 | 2024-11-21 |
| CVE-2022-45835 | Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | 5.8 | 36.11% | 2023-11-13 | 2026-04-28 |
| CVE-2022-45362 | Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | 7.2 | 38.87% | 2023-12-07 | 2026-04-28 |
| CVE-2022-45365 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2. | 7.1 | 43.44% | 2023-12-14 | 2026-04-28 |
| CVE-2022-45354 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | 5.3 | 38.08% | 2024-01-08 | 2026-04-28 |
| CVE-2024-27956 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. | 9.9 | 93.97% | 2024-03-21 | 2026-04-28 |
| CVE-2024-30491 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 8.5 | 32.05% | 2024-03-29 | 2026-04-28 |
| CVE-2023-51409 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | 10.0 | 65.05% | 2024-04-12 | 2026-04-28 |
| CVE-2023-40000 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7. | 8.3 | 53.38% | 2024-04-16 | 2026-04-28 |
| CVE-2024-27954 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. | 9.3 | 72.95% | 2024-05-17 | 2026-04-15 |
| CVE-2024-25600 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. | 10.0 | 87.45% | 2024-06-04 | 2026-04-15 |
| CVE-2024-28000 | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. | 9.8 | 67.92% | 2024-08-21 | 2026-04-29 |
| CVE-2024-44000 | Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. | 9.8 | 83.18% | 2024-10-20 | 2026-04-23 |
| CVE-2024-50498 | Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0. | 10.0 | 55.58% | 2024-10-28 | 2026-04-23 |
| CVE-2024-43919 | Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. | 5.3 | 43.59% | 2024-11-01 | 2024-11-13 |
| CVE-2025-24587 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through <= 1.2.23. | 7.6 | 31.06% | 2025-01-24 | 2026-04-23 |
| CVE-2025-27007 | Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. | 9.8 | 37.91% | 2025-05-01 | 2026-04-23 |