NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2022-27850 | Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | 5.4 | 0.37% | 2022-04-15 | 2026-06-17 |
| CVE-2022-27851 | Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | 5.4 | 0.37% | 2022-04-15 | 2026-06-17 |
| CVE-2022-27852 | Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | 6.1 | 0.66% | 2022-04-15 | 2026-06-17 |
| CVE-2022-23975 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | 6.5 | 0.47% | 2022-04-18 | 2026-06-17 |
| CVE-2022-23976 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | 8.1 | 0.47% | 2022-04-18 | 2026-06-17 |
| CVE-2022-27853 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 | 4.8 | 0.50% | 2022-04-18 | 2026-06-17 |
| CVE-2022-27862 | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | 9.8 | 1.64% | 2022-04-19 | 2026-06-17 |
| CVE-2022-27863 | Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. | 5.3 | 1.05% | 2022-04-19 | 2026-06-17 |
| CVE-2022-29417 | Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. | 4.3 | 0.58% | 2022-04-25 | 2026-06-17 |
| CVE-2022-29418 | Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | 4.8 | 0.50% | 2022-04-25 | 2026-06-17 |
| CVE-2022-29419 | SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | 6.0 | 0.80% | 2022-04-25 | 2026-06-17 |
| CVE-2021-36867 | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. | 5.4 | 0.53% | 2022-04-26 | 2026-06-16 |
| CVE-2021-36895 | Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. | 4.7 | 0.70% | 2022-04-26 | 2026-06-16 |
| CVE-2022-27854 | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | 5.4 | 0.54% | 2022-04-26 | 2026-06-17 |
| CVE-2022-27860 | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. | 6.1 | 0.36% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29415 | Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress. | 6.1 | 0.70% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29410 | Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | 7.4 | 0.86% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29411 | SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | 8.3 | 1.02% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29412 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | 5.4 | 0.39% | 2022-04-28 | 2026-06-17 |
| CVE-2022-29413 | Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. | 4.7 | 0.36% | 2022-04-28 | 2026-06-17 |