CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 141160 / 16964
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2022-29441 Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. 4.3 0.39% 2022-06-15 2026-06-17
CVE-2022-29442 Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. 5.4 0.51% 2022-06-15 2026-06-17
CVE-2022-29453 Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. 5.4 0.41% 2022-06-15 2026-06-17
CVE-2022-29443 Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. 4.1 0.48% 2022-06-15 2026-06-17
CVE-2022-29450 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. 5.4 0.39% 2022-06-15 2026-06-17
CVE-2021-36891 Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. 5.4 0.37% 2022-06-15 2026-06-16
CVE-2022-28612 Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. 5.4 0.46% 2022-06-15 2026-06-17
CVE-2022-29452 Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. 3.4 0.48% 2022-06-15 2026-06-17
CVE-2022-32280 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. 5.4 0.48% 2022-06-15 2026-06-17
CVE-2021-36827 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". 4.8 0.47% 2022-06-16 2026-06-16
CVE-2021-36849 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. 3.4 0.42% 2022-07-20 2026-06-16
CVE-2022-29454 Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. 3.1 0.25% 2022-07-20 2026-06-17
CVE-2022-29923 Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. 5.9 0.42% 2022-07-20 2026-06-17
CVE-2022-32289 Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. 5.4 0.26% 2022-07-21 2026-06-17
CVE-2022-28666 Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. 5.3 1.18% 2022-07-21 2026-06-17
CVE-2022-30337 Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. 5.4 0.26% 2022-07-21 2026-06-17
CVE-2022-28700 Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. 9.1 1.45% 2022-07-21 2026-06-17
CVE-2022-30536 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. 3.4 0.59% 2022-07-21 2026-06-17
CVE-2022-31475 Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. 5.5 0.67% 2022-07-21 2026-06-17
CVE-2022-33198 Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. 9.8 2.65% 2022-07-21 2026-06-17
cvelogic Threat Intelligence